In information technology, log rotation is an automated process used in system administration in which dated log files are archived. Servers which run large applications, such as LAMP stacks, often log every request: in the face of bulky logs, log rotation provides a way to limit the total size of the logs retained while still allowing analysis of recent events.
Methods of archival
In FreeBSD and macOS the newsyslog command is used. It has the ability to trigger rotation based on file size, time or interval (or any combination thereof). It can compress the archives and send a signal to a process to reset logging.
The command is often run as a cron job, which has the effect of fully automatic log rotation.
Typically, a new logfile is created periodically, and the old logfile is renamed by appending a "1" to the name. Each time a new log file is started, the numbers in the file names of old logfiles are increased by one, so the files "rotate" through the numbers (thus the name "log rotation"). Old logfiles whose number exceeds a threshold can then be deleted or archived off-line to save space.
Kent, Karen; Souppaya, Murugiah (September 2006). "Guide to Computer Security Management: Recommendations of the National Institute of Standards and Technology" (PDF). Special Publication 800-92. Gaithersburg, MD: National Institute of Standards and Technology: Technology Administration, U.S. Department of Commerce. p. 3-3. Retrieved 2014-10-02.
Log rotation is closing a log file and opening a new log file when the first file is considered to be complete. Log rotation is typically performed according to a schedule (e.g., hourly, daily, weekly) or when a log file reaches a certain size.
- "logrotate (8) - Linux man page". Retrieved February 10, 2013.
- "Log rotation". Retrieved February 10, 2013.
- "newsyslog (8) - maintain system log files to manageable sizes".
|This computing article is a stub. You can help Wikipedia by expanding it.|