
Ubuntu Log Rotation Explained: Complete logrotate Guide
Log rotation is one of the most critical yet often overlooked aspects of running a production Ubuntu Server. Without proper log rotation, log files can grow indefinitely, eventually consuming all available disk space, causing services to fail, applications to crash, or even preventing the system from booting properly. The standard mechanism Ubuntu uses to manage this problem is logrotate, a powerful and flexible log rotation utility that has been the de facto standard on Debian-based systems for decades.
logrotate is responsible for automatically compressing, archiving, deleting, or renaming log files according to predefined rules. It handles the rotation of logs generated by almost every service on the system — from system logs (/var/log/syslog, /var/log/auth.log), web server logs (nginx, apache2), database logs (mysql, postgresql), mail server logs, to custom application logs. Understanding how logrotate works internally and how to configure it properly is essential knowledge for any serious Ubuntu server administrator.
Preparation Work
Before modifying any logrotate configuration, you should understand where the configuration files are located and how they are organized.
The main configuration file is located at:
/etc/logrotate.conf
This file contains global settings that apply to all rotations unless overridden in individual configuration files. Most real-world configurations are defined in separate files under:
/etc/logrotate.d/
Each package that needs log rotation (nginx, apache2, rsyslog, postgresql, etc.) installs its own file in this directory. This modular design is intentional — it allows packages to manage their own logs independently and makes upgrades safer.
You can list all active rotation configurations with:
ls -l /etc/logrotate.d/
To understand what logrotate would do without actually rotating anything, use the debug mode:
sudo logrotate -d /etc/logrotate.conf
The -d (debug) flag shows exactly which files would be rotated, renamed, compressed, or deleted based on current rules and file states.
Core Configuration Structure
A typical logrotate configuration file consists of several blocks. Each block starts with a log file path (or wildcard pattern) and is followed by options inside curly braces.
Basic structure example:
/var/log/nginx/access.log /var/log/nginx/error.log {
    # rotation rules
}
Common and most important directives:
- daily / weekly / monthly / yearly: Frequency of rotation. daily is most common for busy servers.
- rotate N: How many old rotated logs to keep. Example: rotate 7 keeps 7 days of logs.
- size 100M: Rotate when the log file exceeds this size (alternative or in addition to time-based rotation).
- missingok: Do not produce an error if the log file is missing (very common and recommended).
- notifempty: Do not rotate if the log file is empty.
- create 0640 www-data adm: After rotation, create a new log file with these permissions and ownership.
- compress / delaycompress: Compress old logs with gzip. delaycompress keeps the most recent rotated file uncompressed.
- postrotate / prerotate / firstaction / lastaction: Scripts to run before or after rotation. Most commonly used to tell services to reopen log files.
- sharedscripts: When using wildcards, run the postrotate script only once (not once per file).
Example of a realistic web server block:
/var/log/nginx/*.log {
    daily
    rotate 14
    missingok
    compress
    delaycompress
    notifempty
    create 0640 www-data adm
    sharedscripts
    postrotate
        /usr/sbin/nginx -s reopen
    endscript
}
Optimization & Advanced Configuration Techniques
For high-traffic servers, the default settings are often insufficient. Here are the most effective optimizations:
1. Size-based + time-based hybrid rotation
size 250M
maxsize 500M
daily
rotate 30
This rotates at least daily, but also forces rotation if the file grows very large within the day.
2. Date-named rotated files (very useful for long-term archiving)
dateext
dateformat -%Y-%m-%d
Files become: access.log-2026-02-09.gz
3. Very aggressive compression for old logs
compress
compresscmd /usr/bin/pigz
compressext .gz
compressoptions -9
pigz (parallel gzip) significantly speeds up compression on multi-core servers.
4. Prevent disk space exhaustion
maxage 180
minsize 1M
Delete any rotated log older than 180 days, regardless of how many copies exist.
5. Copy & truncate instead of rename (safer for some services)
copytruncate
Instead of renaming the file, logrotate copies the content to the new file and truncates the original. This avoids situations where applications keep writing to the old file descriptor after rotation.
6. Global defaults optimization
In /etc/logrotate.conf, many administrators update the global settings:
weekly
rotate 8
create
dateext
compress
delaycompress
missingok
notifempty
These defaults apply to all rotations unless overridden.
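The difference between rename-based rotation and copytruncate (item 5), and the reason the nginx block needs its postrotate reopen, can be reproduced with ordinary file descriptors in a temporary directory. This is an added example, not part of the original article; the file names and log lines are constructed, and it assumes a POSIX system.

```python
import os
import shutil
import tempfile


def read_lines(path):
    with open(path) as fh:
        return fh.read().splitlines()


def rename_rotation(workdir):
    """Default mode: rename the log, create an empty replacement."""
    log = os.path.join(workdir, "app.log")     # constructed sample file
    svc = open(log, "a")                       # descriptor held by the service
    svc.write("before rotation\n")
    svc.flush()
    os.rename(log, log + ".1")                 # rotation renames the file ...
    open(log, "a").close()                     # ... and 'create' makes a new one
    svc.write("after rotation, no reopen\n")   # old descriptor follows the rename
    svc.close()
    svc = open(log, "a")                       # what a postrotate reopen triggers
    svc.write("after reopen\n")
    svc.close()
    return read_lines(log + ".1"), read_lines(log)


def copytruncate_rotation(workdir):
    """copytruncate: copy the contents, then truncate the original in place."""
    log = os.path.join(workdir, "ct.log")      # constructed sample file
    svc = open(log, "a")                       # append mode, never reopened
    svc.write("before rotation\n")
    svc.flush()
    shutil.copyfile(log, log + ".1")           # copy ...
    svc.write("between copy and truncate\n")
    svc.flush()
    os.truncate(log, 0)                        # ... truncate: line above is gone
    svc.write("after rotation, no reopen\n")
    svc.close()
    return read_lines(log + ".1"), read_lines(log)


def demo():
    with tempfile.TemporaryDirectory() as d:
        return rename_rotation(d), copytruncate_rotation(d)


if __name__ == "__main__":
    for name, (rotated, live) in zip(("rename", "copytruncate"), demo()):
        print(f"{name}: rotated={rotated} live={live}")
```

With copytruncate, the line written between the copy and the truncate ends up in neither file, which matters for logs that serve as an audit trail.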
Verification & Troubleshooting
After modifying any logrotate configuration, always verify:
# Check syntax of all config files
sudo logrotate -d /etc/logrotate.conf
# Dry-run a forced rotation (debug mode, no files are changed)
sudo logrotate -d -f /etc/logrotate.conf
# Actually force rotation (use with caution)
sudo logrotate -f /etc/logrotate.conf
Common issues and fixes:
- Logs not rotating → check if the file matches the pattern, if minsize is too large, or if notifempty is blocking
- Service keeps writing to old file → use postrotate to send reload/reopen signal
- Rotation fails silently → check /var/log/syslog or sudo journalctl -u logrotate for errors
- Permission problems after rotation → verify create directive has correct owner/group
- Disk still fills up → run sudo logrotate -f /etc/logrotate.conf and immediately check disk usage
You can also test a daily rotation sooner by temporarily changing daily to hourly and placing the file in /etc/cron.hourly/logrotate (don’t forget to revert).
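A small linter for the block syntax described above, flagging three of the issues from this guide: a create mode that is open to other users, a block with neither postrotate nor copytruncate, and a wildcard block whose postrotate lacks sharedscripts. This is an added example, not part of the original article or of logrotate; it reads per-block directives only (global defaults and include are not merged), the checks are heuristics, and the myapp and legacy services are hypothetical.

```python
import re

SCRIPTS = {"prerotate", "postrotate", "firstaction", "lastaction"}
# Constructed sample config; "myapp" and "legacy" are hypothetical services.
SAMPLE = """
/var/log/nginx/*.log {
    create 0640 www-data adm
    sharedscripts
    postrotate
        /usr/sbin/nginx -s reopen
    endscript
}
/var/log/myapp/*.log {
    create 0666 myapp myapp
    postrotate
        systemctl reload myapp
    endscript
}
/var/log/legacy/app.log {
    rotate 4
}
"""


def parse(text):
    """Yield (paths, directives) for every 'paths { ... }' block."""
    for paths, body in re.findall(r"^([^\n{}#]+)\{(.*?)^\}", text, re.M | re.S):
        opts, in_script = {}, False
        for line in (raw.split("#")[0].strip() for raw in body.splitlines()):
            if in_script:                      # skip script bodies
                in_script = line != "endscript"
            elif line:
                name, _, arg = line.partition(" ")
                opts[name], in_script = arg.strip(), name in SCRIPTS
        yield " ".join(paths.split()), opts


def audit(text):
    for paths, o in parse(text):
        m = re.match(r"[0-7]+", o.get("create", ""))
        if m and int(m.group(), 8) & 0o007:
            yield paths, "create mode gives 'other' access to the log"
        if "postrotate" not in o and "copytruncate" not in o:
            yield paths, "no postrotate or copytruncate: old file stays in use"
        if "postrotate" in o and "*" in paths and "sharedscripts" not in o:
            yield paths, "wildcard without sharedscripts: postrotate runs per file"


if __name__ == "__main__":
    print(*(f"{p}: {f}" for p, f in audit(SAMPLE)), sep="\n")
```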
Summary
Proper log rotation is not optional — it is a fundamental operational requirement for any serious Ubuntu Server deployment. The combination of time-based rotation, size limits, compression, post-rotation hooks, and aggressive cleanup policies ensures that logs remain useful for troubleshooting while preventing disk space exhaustion.
Mastering logrotate means understanding both the default behaviors installed by packages and how to override them safely for your specific workload. Once configured correctly, logrotate runs silently in the background (usually via daily cron) and prevents one of the most common causes of production outages.
For administrators managing multiple Ubuntu servers (especially high-traffic web or SEO-related environments), having reliable, fast, and well-connected infrastructure is just as important as proper log management. Many operators choose Hong Kong-based servers for their excellent connectivity to Asian audiences and global reach.