Lead Image © Vlad Kochelaevskiy, 123RF.com

Manage logs with logrotate

The Bookkeeper

Article from ADMIN 54/2019

By Mayank Sharma

Take charge of your installation's logfiles with logrotate.

Perhaps one of the most underreported yet regular tasks of a system administrator is to parse logfiles. Scrolling through logfiles isn't fun, but they are an indispensable resource for helping troubleshoot an issue. Seasoned admins will tell you that they almost always instinctively pull up the logs whenever they face any issues with their installations.

Linux, for its part, is ever vigilant and makes careful logs of everything that takes place within your system. Most logfiles under Linux reside under the /var/log/ directory. These are all system and service logs, which come in handy when troubleshooting system-wide issues. Different apps also write app-specific logs, which are kept in a configurable location usually under a user's home directory.

You don't necessarily need to use any special tools to read logfiles, since they are stored as plain text. Not only can you search the logfiles, you can also create scripts to traverse them and then perform any action based on the results. While you can usually read logfiles without leaving the command-line interface (CLI) (see the box titled "View Logfiles Using the CLI"), many distributions also ship with a graphical tool to help you with the task (Figure 1).

View Logfiles Using the CLI

Most logfiles' unending nature means often using tools like grep and tail to view only the information you need instead of traversing through the entire file each time. As an example, an authorization tool's logfiles prompt for user passwords (such as sudo), SSH sessions, and such. Their usage is tracked by the /var/log/auth.log file. Depending on how your system is accessed, this file will have many entries. So if you only want to look at information related to sshd

...

Use Express-Checkout link below to read the full article (PDF).