To home page

Managing logs with Logrotate on CentOS 7

Configuring logrotate to keep your system and application logs under control.

Logrotate is one of those tools that quietly keeps your server sane. It stops log files from ballooning out of control and eating up your disk space — something that's especially important on VPS and dedicated servers where storage is finite and stability matters.

Checking the installation

Before diving into configuration, make sure logrotate is actually installed. On CentOS 7 it comes pre-installed, but a quick check never hurts:

logrotate --version

If you see a version number — something like logrotate 3.18.0 — you're good to go.

How the configuration is structured

Logrotate's configuration lives in two places:

  • /etc/logrotate.conf — the main config file with global defaults
  • /etc/logrotate.d/ — a directory of per-service config files that override or extend those defaults

Together they define which logs get rotated, how often, how many archived copies to keep, and whether to compress them.

The main configuration file

Open /etc/logrotate.conf with your preferred editor — vi, for example:

vi /etc/logrotate.conf

A typical file looks something like this:

# Rotate logs once a week
weekly

# Keep 4 archived copies
rotate 4

# Create a fresh empty log file after rotation
create

# Append the date to archived file names
dateext

# Compress old logs (uncomment if needed)
#compress

# Pull in per-service configs from /etc/logrotate.d
include /etc/logrotate.d

# System log settings
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

Any directive set here acts as a default across the board — individual service configs in /etc/logrotate.d/ can override these as needed.

Key directives at a glance

  • daily / weekly / monthly / size — how often to rotate: on a schedule, or once a file hits a certain size
  • rotate N — how many archived copies to keep before old ones are deleted
  • create — spin up a fresh empty log file after rotation, preserving the original ownership and permissions
  • compress — compress archived logs (gzip by default)
  • dateext — include the date in the archive filename, e.g. access.log-20250918
  • missingok — don't throw an error if the log file doesn't exist
  • notifempty — skip rotation if the log file is empty
  • postrotate ... endscript — run a block of commands after rotation (handy for reloading a service)
  • maxage N — automatically delete archives older than N days

Setting up rotation for a specific application

Say your app my-app writes its logs to /var/log/my-app/. Create a dedicated config file for it:

vi /etc/logrotate.d/my-app

Here's a solid starting point:

/var/log/my-app/*.log {
    daily
    missingok
    rotate 14
    compress
    notifempty
    create 0640 www-data www-data
    sharedscripts
    postrotate
        systemctl reload my-app
    endscript
}

What each line does:

  • daily — rotate every day
  • rotate 14 — keep two weeks' worth of archives
  • compress — gzip the old logs
  • notifempty — don't rotate if the log file is empty
  • create 0640 www-data www-data — create the new log file with 0640 permissions owned by www-data
  • postrotate ... endscript — reload the app after each rotation so it picks up the new log file

Testing your configuration

Dry run (no changes applied, just shows what would happen):

sudo logrotate /etc/logrotate.conf --debug

Test a specific service config:

sudo logrotate -d /etc/logrotate.d/my-app

Force an immediate rotation:

sudo logrotate /etc/logrotate.conf --force

Rotating logs in custom directories

If your application logs to a non-standard path — say /home/user/logs/ — you can still manage it with a local config file:

vi /home/user/logrotate.conf

/home/user/logs/*.log {
    hourly
    missingok
    rotate 24
    compress
    create
}

Create the directory and a test log file:

mkdir ~/logs
touch ~/logs/access.log

Then run a forced rotation, pointing to a custom state file:

logrotate /home/user/logrotate.conf \
  --state /home/user/logrotate-state \
  --verbose --force
  • --state — tells logrotate where to store the record of its last run
  • --verbose — prints a detailed log of everything it does

Automating with Cron

To have logrotate run on a schedule without any manual intervention, add a cron job:

crontab -e

For example, to run it every hour at the 14-minute mark:

14 * * * * /usr/sbin/logrotate /home/user/logrotate.conf --state /home/user/logrotate-state

Help

If you have any questions or need assistance, please contact us through the ticket system — we're always here to help!

Updated at:
Need help?Our engineers will help you free of charge with any question in minutesContact us