Debian log rotation for apache web server
To enable log rotation on Debian, you can use the logrotate package, which is already installed.
You should enable and start the systemd service with this command - sudo systemctl enable --now logrotate.timer.
You can use systemctl status logrotate.timer to show the status of the logrotate.timer unit, which is now active.
● logrotate.timer - Daily rotation of log files
Loaded: loaded (/lib/systemd/system/logrotate.timer; enabled; preset: enabled)
Active: active (waiting) since Sun 2025-01-05 21:38:02 UTC; 11s ago
Trigger: Mon 2025-01-06 00:00:00 UTC; 2h 21min left
Triggers: ● logrotate.service
Docs: man:logrotate(8)
man:logrotate.conf(5)
Jan 05 21:38:02 ip-172-31-27-178 systemd[1]: Stopped logrotate.timer - Daily rotation of log files.
Jan 05 21:38:02 ip-172-31-27-178 systemd[1]: Stopping logrotate.timer - Daily rotation of log files...
With the command systemctl list-timers, you can list the enabled timers, which are equivalent to cron jobs.
NEXT LEFT LAST PASSED UNIT ACTIVATES
Mon 2025-01-06 00:00:00 UTC 2h 21min left Sun 2025-01-05 00:00:02 UTC 21h ago dpkg-db-backup.timer dpkg-db-backup.service
Mon 2025-01-06 00:00:00 UTC 2h 21min left Sun 2025-01-05 00:00:02 UTC 21h ago exim4-base.timer exim4-base.service
Mon 2025-01-06 00:00:00 UTC 2h 21min left Sun 2025-01-05 21:06:36 UTC 31min ago logrotate.timer logrotate.service
For the apache webserver, the /etc/logrotate.d/apache2 config file is already present:
/var/log/apache2/*.log {
daily
missingok
rotate 14
size=5M
compress
delaycompress
[..]
}
The /var/log/apache2/access.log file will be rotated, as it is more than 5M in size, as per the configuration file above.
admin@ip-172-31-27-178:~$ ls -lha /var/log/apache2/
total 6.0M
drwxr-x--- 2 root adm 4.0K Dec 6 19:08 .
drwxr-xr-x 10 root root 4.0K Jan 5 21:06 ..
-rw-r----- 1 root adm 6.0M Jan 5 21:19 access.log
If we run logrotate with the -d parameter, it will do a dry run (nothing will be modified), you can see what will be done.
sudo logrotate -d /etc/logrotate.conf
warning: logrotate in debug mode does nothing except printing debug messages! Consider using verbose mode (-v) instead if this is not what you want.
reading config file /etc/logrotate.conf
including /etc/logrotate.d
Ignoring rsyslog.disabled, because of *.disabled pattern match
reading config file alternatives
reading config file apache2
note: 'size' overrides previously specified 'daily'
[..]
Handling 11 logs
[..]
rotating pattern: /var/log/apache2/*.log 5242880 bytes (14 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/apache2/access.log
Creating new state
Now: 2025-01-05 21:36
Last rotated at 2025-01-05 21:00
log needs rotating
[..]
rotating log /var/log/apache2/access.log, log->rotateCount is 14
dateext suffix '-20250105'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
running prerotate script
[..]
renaming /var/log/apache2/access.log to /var/log/apache2/access.log-20250105
creating new /var/log/apache2/access.log mode = 0640 uid = 0 gid = 4
running postrotate script
Use the ls command to see the results of the log rotation, a new file access.log-20250106 is created, which stores the old logs, and the access.log file stores new log entries.
ls -lha /var/log/apache2/
total 6.0M
drwxr-x--- 2 root adm 4.0K Jan 6 00:00 .
drwxr-xr-x 10 root root 4.0K Jan 5 21:06 ..
-rw-r----- 1 root adm 25K Jan 6 12:08 access.log
-rw-r----- 1 root adm 6.0M Jan 5 23:56 access.log-20250106