Debian log rotation for apache web server

To enable log rotation on Debian, you can use the logrotate package, which is already installed. You should enable and start the systemd service with this command - sudo systemctl enable --now logrotate.timer. You can use systemctl status logrotate.timer to show the status of the logrotate.timer unit, which is now active.

● logrotate.timer - Daily rotation of log files
     Loaded: loaded (/lib/systemd/system/logrotate.timer; enabled; preset: enabled)
     Active: active (waiting) since Sun 2025-01-05 21:38:02 UTC; 11s ago
    Trigger: Mon 2025-01-06 00:00:00 UTC; 2h 21min left
   Triggers: ● logrotate.service
       Docs: man:logrotate(8)
             man:logrotate.conf(5)

Jan 05 21:38:02 ip-172-31-27-178 systemd[1]: Stopped logrotate.timer - Daily rotation of log files.
Jan 05 21:38:02 ip-172-31-27-178 systemd[1]: Stopping logrotate.timer - Daily rotation of log files...

With the command systemctl list-timers, you can list the enabled timers, which are equivalent to cron jobs.

NEXT                        LEFT          LAST                        PASSED       UNIT                         ACTIVATES
Mon 2025-01-06 00:00:00 UTC 2h 21min left Sun 2025-01-05 00:00:02 UTC 21h ago      dpkg-db-backup.timer         dpkg-db-backup.service
Mon 2025-01-06 00:00:00 UTC 2h 21min left Sun 2025-01-05 00:00:02 UTC 21h ago      exim4-base.timer             exim4-base.service
Mon 2025-01-06 00:00:00 UTC 2h 21min left Sun 2025-01-05 21:06:36 UTC 31min ago    logrotate.timer              logrotate.service

For the apache webserver, the /etc/logrotate.d/apache2 config file is already present:

/var/log/apache2/*.log {
        daily
        missingok
        rotate 14
        size=5M
        compress
        delaycompress
        [..]
}

The /var/log/apache2/access.log file will be rotated, as it is more than 5M in size, as per the configuration file above.

admin@ip-172-31-27-178:~$ ls -lha /var/log/apache2/
total 6.0M
drwxr-x---  2 root adm  4.0K Dec  6 19:08 .
drwxr-xr-x 10 root root 4.0K Jan  5 21:06 ..
-rw-r-----  1 root adm  6.0M Jan  5 21:19 access.log

If we run logrotate with the -d parameter, it will do a dry run (nothing will be modified), you can see what will be done.

sudo logrotate -d /etc/logrotate.conf

warning: logrotate in debug mode does nothing except printing debug messages!  Consider using verbose mode (-v) instead if this is not what you want.

reading config file /etc/logrotate.conf
including /etc/logrotate.d
Ignoring rsyslog.disabled, because of *.disabled pattern match
reading config file alternatives
reading config file apache2
note: 'size' overrides previously specified 'daily'
[..]

Handling 11 logs
[..]

rotating pattern: /var/log/apache2/*.log  5242880 bytes (14 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/apache2/access.log
Creating new state
  Now: 2025-01-05 21:36
  Last rotated at 2025-01-05 21:00
  log needs rotating
[..]
rotating log /var/log/apache2/access.log, log->rotateCount is 14
dateext suffix '-20250105'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
running prerotate script
[..]
renaming /var/log/apache2/access.log to /var/log/apache2/access.log-20250105
creating new /var/log/apache2/access.log mode = 0640 uid = 0 gid = 4
running postrotate script

Use the ls command to see the results of the log rotation, a new file access.log-20250106 is created, which stores the old logs, and the access.log file stores new log entries.

ls -lha /var/log/apache2/
total 6.0M
drwxr-x---  2 root adm  4.0K Jan  6 00:00 .
drwxr-xr-x 10 root root 4.0K Jan  5 21:06 ..
-rw-r-----  1 root adm   25K Jan  6 12:08 access.log
-rw-r-----  1 root adm  6.0M Jan  5 23:56 access.log-20250106