Rotating Log Files
There are many reasons why you would want your own script to rotate log files. For instance, if you initially installed Linux to your hard drive via a Knoppix live CD, and then upgraded (or in many cases, downgraded) to a Debian installation, the rotation of log files may not occur properly. If the log files are not being rotated, they could eventually fill up the partition that contains /var (this is bad).
In my case, I wanted the log files to only be rotated once every other month, and for only the last three archived copies of the log files to be kept around. The way that I chose to implement this was in a shell script, and the script is run by a cron job. The shell script was called "/root/rotatelogs", was set to be executable by root, and only readable by everyone else.
(written 1/6/2006)
How the Script Works
The script is kind of long, which is why the contents are listed in the last section.
To explain what the script does, let's look at the auth.log file. The previous 2 month span would be archived in auth.log.old.1. This file is followed by auth.log.old.2, which contains the logs from the 2 months before that, and so on. auth.log.old.3 contains the oldest logs.
The first thing the script does is delete the oldest archived log file (auth.log.old.3). It then increments the names of the other archives, so that the contents of auth.log.old.2 become the oldest archived log file (auth.log.old.3). After all of the archived log files are incremented, it takes the contents of the currently open auth.log file, and archives it by moving it to auth.log.old.1.
This procedure is then performed on the daemon.log, kern.log, messages, syslog, and wtmp files. Finally, at the end of the script, syslogd is restarted, which causes it to start writing to the brand new, empty log files.
I realize that the script is kind of a hack, but I'm not that great with shell scripts, and this was the only way I could figure out how to accomplish the task. And it works.
Additional disk space could be saved by gzip'ing each new log file after it is created.
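The rotation steps described above, written as one reusable function; this is an added example, not the author's script. It keeps the page's FILE.old.N naming, recreates each log with the mode and owner of the file it replaces (GNU `chmod`/`chown --reference`, as on Debian) instead of whatever `touch` would give it under root's umask, and gzips an archive only after syslogd has been restarted. The function names and the RUN_ROTATE guard variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original /root/rotatelogs: one function replaces the
# repeated per-file blocks. Archive names follow the page (FILE.old.N), with
# ".gz" appended once an archive has been compressed.

# rotate_log FILE [KEEP]: drop the oldest archive, shift the rest, start a new FILE.
rotate_log() {
    log=$1 keep=${2:-3}
    [ -f "$log" ] || return 0                 # nothing to rotate
    rm -f "$log.old.$keep" "$log.old.$keep.gz"
    n=$keep
    while [ "$n" -gt 1 ]; do                  # old.(n-1) becomes old.n
        prev=$((n - 1))
        for ext in "" .gz; do
            if [ -f "$log.old.$prev$ext" ]; then
                mv "$log.old.$prev$ext" "$log.old.$n$ext"
            fi
        done
        n=$prev
    done
    mv "$log" "$log.old.1"
    # Create the new file private first, then copy mode and owner from the old
    # one, so a log such as auth.log is never left with umask-default access.
    ( umask 077 && : > "$log" )
    chmod --reference="$log.old.1" "$log"
    chown --reference="$log.old.1" "$log"
}

# compress_archive FILE: gzip FILE.old.1. Call only after syslogd has reopened
# its files; until then it is still writing to the renamed file.
compress_archive() {
    if [ -f "$1.old.1" ]; then gzip -f "$1.old.1"; fi
}

# Usage with the paths from the page. RUN_ROTATE is a hypothetical guard so
# that sourcing this file for testing touches nothing under /var/log.
if [ "${RUN_ROTATE:-0}" = 1 ]; then
    logs="auth.log daemon.log kern.log messages syslog wtmp"
    for f in $logs; do rotate_log "/var/log/$f"; done
    /etc/init.d/sysklogd reload-or-restart > /dev/null
    for f in $logs; do compress_archive "/var/log/$f"; done
fi
```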
(written 1/6/2006)
Adding the Script to the Crontab
To add the script to the crontab, first create a text file that defines how often the script will be run. For the rotatelogs script, I created /root/rotatelogs-crontab.txt. This file only contains one line:
0 0 1 2,4,6,8,10,12 * /root/rotatelogs
The first two zeros define the minute and hour of the day that the script should be run (0:00=midnight). The 1 defines the day of the month that the script should be run. The 2,4,6,8,10,12 define the months that the script should run (Feb, Apr, Jun, Aug, Oct, Dec). Finally, the * defines the day of the week that the script should run (* = any day of the week). Therefore, this crontab should cause the script to execute at midnight, on the first day of every other month, no matter what day that falls on.
Let's say you wanted the script instead to run at midnight, on the first day of every month, no matter what day it falls on. Then the crontab would contain the following line:
0 0 1 * * /root/rotatelogs
Finally, this file needs to be uploaded to the crontab spool area.
crontab /root/rotatelogs-crontab.txt
You can list the contents of the crontab spool area to verify that it was uploaded properly:
crontab -l
To delete the crontab, use the following:
crontab -r
(written 1/6/2006)
rotatelogs file
The contents of the shell script are as follows:
#!/bin/sh -
# This is an attempt to write a script to manually
# rotate the log files. It will then be uploaded to the
# root's crontab using the /root/rotatelogs-crontab.txt
# file.
#
# This script is supposed to rotate the /var/log/auth.log,
# /var/log/daemon.log, /var/log/kern.log, /var/log/messages,
# /var/log/syslog, and /var/log/wtmp files. It will save 3
# of the newest rotated log files for each of those logs,
# and is designed to be executed once every other month
# (0 0 1 2,4,6,8,10,12 * /root/rotatelogs).
if [ -f /var/log/auth.log.old.3 ] ; then
rm /var/log/auth.log.old.3
fi
if [ -f /var/log/auth.log.old.2 ] ; then
mv /var/log/auth.log.old.2 /var/log/auth.log.old.3
fi
if [ -f /var/log/auth.log.old.1 ] ; then
mv /var/log/auth.log.old.1 /var/log/auth.log.old.2
fi
if [ -f /var/log/auth.log ] ; then
mv /var/log/auth.log /var/log/auth.log.old.1
touch /var/log/auth.log
fi
if [ -f /var/log/daemon.log.old.3 ] ; then
rm /var/log/daemon.log.old.3
fi
if [ -f /var/log/daemon.log.old.2 ] ; then
mv /var/log/daemon.log.old.2 /var/log/daemon.log.old.3
fi
if [ -f /var/log/daemon.log.old.1 ] ; then
mv /var/log/daemon.log.old.1 /var/log/daemon.log.old.2
fi
if [ -f /var/log/daemon.log ] ; then
mv /var/log/daemon.log /var/log/daemon.log.old.1
touch /var/log/daemon.log
fi
if [ -f /var/log/kern.log.old.3 ] ; then
rm /var/log/kern.log.old.3
fi
if [ -f /var/log/kern.log.old.2 ] ; then
mv /var/log/kern.log.old.2 /var/log/kern.log.old.3
fi
if [ -f /var/log/kern.log.old.1 ] ; then
mv /var/log/kern.log.old.1 /var/log/kern.log.old.2
fi
if [ -f /var/log/kern.log ] ; then
mv /var/log/kern.log /var/log/kern.log.old.1
touch /var/log/kern.log
fi
if [ -f /var/log/messages.old.3 ] ; then
rm /var/log/messages.old.3
fi
if [ -f /var/log/messages.old.2 ] ; then
mv /var/log/messages.old.2 /var/log/messages.old.3
fi
if [ -f /var/log/messages.old.1 ] ; then
mv /var/log/messages.old.1 /var/log/messages.old.2
fi
if [ -f /var/log/messages ] ; then
mv /var/log/messages /var/log/messages.old.1
touch /var/log/messages
fi
if [ -f /var/log/syslog.old.3 ] ; then
rm /var/log/syslog.old.3
fi
if [ -f /var/log/syslog.old.2 ] ; then
mv /var/log/syslog.old.2 /var/log/syslog.old.3
fi
if [ -f /var/log/syslog.old.1 ] ; then
mv /var/log/syslog.old.1 /var/log/syslog.old.2
fi
if [ -f /var/log/syslog ] ; then
mv /var/log/syslog /var/log/syslog.old.1
touch /var/log/syslog
fi
if [ -f /var/log/wtmp.old.3 ] ; then
rm /var/log/wtmp.old.3
fi
if [ -f /var/log/wtmp.old.2 ] ; then
mv /var/log/wtmp.old.2 /var/log/wtmp.old.3
fi
if [ -f /var/log/wtmp.old.1 ] ; then
mv /var/log/wtmp.old.1 /var/log/wtmp.old.2
fi
if [ -f /var/log/wtmp ] ; then
mv /var/log/wtmp /var/log/wtmp.old.1
touch /var/log/wtmp
fi
# restart syslogd
/etc/init.d/sysklogd reload-or-restart > /dev/null
(written 1/6/2006)
