Log rotation


In information technology, log rotation is an automated process used in system administration in which log files are compressed, moved, renamed or deleted once they are too old or too big.
New incoming log data is directed into a fresh file.
The main purpose of log rotation is to restrict the volume of log data, so that the record store does not overflow and the log files stay small enough for viewers to open them.
Servers which run large applications, such as LAMP stacks, often log every request: in the face of bulky logs, log rotation provides a way to limit the total size of the logs retained while still allowing analysis of recent events.

Methods of archival

In Linux, log rotation is typically performed using the logrotate command. The command can be used to email logs to a systems administrator after log rotation. Dated logs may also be compressed.
In FreeBSD and macOS, the newsyslog command is used. It can trigger rotation based on file size, time or interval. It can compress the archives and send a signal to a process to reset logging.
The command is often run as a cron job, which has the effect of fully automatic log rotation.
Typically, a new logfile is created periodically, and the old logfile is renamed by appending a "1" to the name. Each time a new log file is started, the numbers in the file names of old logfiles are increased by one, so the files "rotate" through the numbers. Old logfiles whose number exceeds a threshold can then be deleted or archived off-line to save space.
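
The numbered scheme described above, as an added shell example (not code from logrotate or newsyslog): the function name rotate_log and its two arguments are assumptions made for illustration. It renames the live file to ".1", shifts older copies up by one, and deletes the copy whose number would exceed the threshold.

```shell
#!/bin/sh
# Added illustration of numbered log rotation; rotate_log is a hypothetical
# helper, not part of logrotate or newsyslog.
#
# Usage: rotate_log FILE KEEP
#   FILE   -> FILE.1, FILE.1 -> FILE.2, ... up to FILE.KEEP
#   the copy that would become FILE.(KEEP+1) is deleted instead
# Returns 1 if FILE does not exist, 2 if KEEP is not a positive integer.
rotate_log() {
    log=$1
    keep=$2

    [ -f "$log" ] || return 1
    case $keep in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$keep" -ge 1 ] || return 2

    # The oldest retained copy falls off the end of the rotation.
    rm -f -- "$log.$keep"

    # Shift from the highest number down so no copy is overwritten.
    i=$((keep - 1))
    while [ "$i" -ge 1 ]; do
        if [ -f "$log.$i" ]; then
            mv -- "$log.$i" "$log.$((i + 1))"
        fi
        i=$((i - 1))
    done

    mv -- "$log" "$log.1"

    # Start a fresh, empty log readable only by its owner.
    # A process that still holds the old file open keeps writing to
    # FILE.1 until it reopens its log, which is why newsyslog can send
    # a signal to the logging process after rotating.
    ( umask 077; : > "$log" )
}
```

Called once per period (for example from a cron job) as `rotate_log /path/to/app.log 3`, it keeps the live file plus three numbered copies.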