In this example, /var/log/secure.log is rotated daily, and rotation also starts early if the log file size exceeds 100 MB.
1. By default, the system rotates all major OS logs according to the syslog file located in /etc/logrotate.d/
# cat /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
#
2. To add a separate log rotation policy for /var/log/secure, comment out (hash) its entry in the syslog file above and create a separate file in /etc/logrotate.d/
# cd /etc/logrotate.d/
# touch securelog
# chmod 644 securelog; chown root:root securelog
# vi securelog
/var/log/secure.log {
    daily
    maxsize 100M
    rotate 4
}
Explanation
daily – rotate log file daily.
maxsize – Log files are rotated when they grow bigger than the given size, even before the additionally specified time interval (daily, weekly, monthly, or yearly) has passed.
rotate – Log files are rotated [count] times before being removed or mailed to the address specified in a mail directive. If count is 0, old versions are removed rather than rotated.
Check the manual page (man logrotate) for more information.
# man logrotate
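The securelog policy above can be tried in a throwaway directory before it is placed in /etc/logrotate.d/. This is an added example, not part of the original page: the function name rotated_after_run, the temporary paths and the sparse sample log are constructed for illustration, and it assumes logrotate and truncate are installed.

```bash
#!/bin/bash
# Added example: run the page's daily/maxsize/rotate policy against a
# constructed log file in a sandbox, without touching /etc or /var/log.
# rotated_after_run SIZE  -> prints "rotated", "kept" or "no-logrotate"
rotated_after_run() {
    local size=$1 dir result
    command -v logrotate >/dev/null 2>&1 || { echo no-logrotate; return 0; }
    dir=$(mktemp -d) || return 1            # mode 0700: not group/world writable
    truncate -s "$size" "$dir/secure.log"   # constructed (sparse) sample log
    # Same directives as the securelog file, pointed at the sandbox copy.
    cat > "$dir/securelog" <<EOF
$dir/secure.log {
    daily
    maxsize 100M
    rotate 4
}
EOF
    chmod 644 "$dir/securelog"              # same mode the page sets on the policy file
    # -s keeps rotation state in the sandbox instead of the system state file.
    logrotate -s "$dir/state" "$dir/securelog" >/dev/null 2>&1
    if [ -e "$dir/secure.log.1" ]; then result=rotated; else result=kept; fi
    rm -rf "$dir"
    echo "$result"
}

# First run on a small log: no rotation yet (the daily interval has not passed).
# First run on a log above 100M: maxsize forces the rotation.
for size in 1M 101M; do
    printf '%s log: %s\n' "$size" "$(rotated_after_run "$size")"
done
```

logrotate only checks file sizes when it is invoked, so maxsize takes effect between daily runs only if logrotate is scheduled more often than once a day.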