If you have never studied the process(es) managing your logs, you need to dedicate some time to the workings of the logrotate command. The keeping of logs is one of those unavoidable tasks which you desperately need to offer a spotlight on problems when they creep up out of nowhere (by all appearances 
).
All the log files being managed by the logrotate utility are listed under the following directory:
- /etc/logrotate.d
The list of files on my "minimalist" system are as follows:
-rw-r--r-- 1 root root 120 Sep 5 2019 alternatives
-rw-r--r-- 1 root root 433 Dec 4 2023 apache2
-rw-r--r-- 1 root root 126 Dec 4 2019 apport
-rw-r--r-- 1 root root 173 Apr 9 2020 apt
-rw-r--r-- 1 root root 79 Feb 19 2020 aptitude
-rw-r--r-- 1 root root 91 Apr 1 2020 bootlog
-rw-r--r-- 1 root root 130 Jan 21 2019 btmp
-rw-r--r-- 1 root root 409 Feb 22 2021 clamav-freshclam
-rw-r--r-- 1 root root 181 Feb 17 2020 cups-daemon
-rw-r--r-- 1 root root 99 Nov 1 22:30 dpkg
-rw-r--r-- 1 root root 112 Sep 5 2019 dpkg.DISTRO
-rw-r--r-- 1 root root 99 Nov 1 22:30 dpkg.OasisMega1
-rw-r--r-- 1 root root 135 May 3 2018 iptraf-ng
-rw-r--r-- 1 root root 125 Aug 13 2019 lightdm
-rw-r--r-- 1 root root 94 Feb 8 2019 ppp
-rw-r--r-- 1 root root 162 Feb 23 2020 rkhunter
-rw-r--r-- 1 root root 374 Dec 23 2021 rsyslog
-rw-r--r-- 1 root root 132 Sep 10 2020 sane-utils
-rw-r--r-- 1 root root 224 Dec 22 2013 slrnpull
-rw-r--r-- 1 root root 174 May 18 2022 sssd-common
-rw-r--r-- 1 root root 270 Feb 14 2024 ubuntu-pro-client
-rw-r--r-- 1 root root 209 Sep 19 2021 ufw
-rw-r--r-- 1 root root 235 Apr 13 2020 unattended-upgrades
-rw-r--r-- 1 root root 145 Feb 19 2018 wtmp
Let's look at one such file.
FILE: /etc/logrotate.d/dpkg
/var/log/dpkg.log {
monthly
rotate 12
compress
delaycompress
missingok
notifempty
create 644 root root
}
Where you might want to revisit these default settings:
-
"monthly" could be replace by "weekly", if you want to rotate the logs out more frequently;
-
"rotate 12" could be replaced by "rotate 84", if you wanted 7 years of logs kept (if monthly), or replaced by "rotate 105" if you wanted to ensure 2 years of logs (if weekly); and
-
if you wanted to keep the dpkg logs readable, in order to be able to review or analyze packages and installation activities, you might want to change the "compress" to "nocompress" and remove the "delaycompress", since it would no longer be applicable.
I've just updated my own "dpkg" file to the following settings:
/var/log/dpkg.log {
monthly
rotate 84
nocompress
missingok
notifempty
create 644 root root
}
If you wish to deepen your understanding of the logrotate service function, you might wish to visit the following URL for a more comprehensive explanation and discussion: