I had reason to review the Apache httpd error log file on my server recently (/var/log/httpd-error.log), and even though the server had been rebooted only a month ago I had to scroll through 95,000 lines before getting to the part of interest.
To make Apache’s log files more manageable, I configured them to roll every week using the FreeBSD standard newsyslog utility, which is run from cron (see /etc/crontab).
The newsyslog’s config file /etc/newsyslog.conf could be edited to add rotating the Apache logs, which would keep all the configuration details in one place, but if newsyslog is ever updated this will require the old and new config files be manually merged. Instead, create a secondary configuration file for rotating Apache logs, which will be automatically read by the master newsyslog.conf file by these lines at the end:
... <include> /etc/newsyslog.conf.d/[!.]*.conf <include> /usr/local/etc/newsyslog.conf.d/[!.]*.conf
First create a directory for the Apache newsyslog configuration file. Since Apache is third-party software, create the /usr/local/etc/newsyslog.conf.d directory.
% sudo mkdir -p /usr/local/etc/newsyslog.conf.d
and then create the config file:
% sudo vi /usr/local/etc/newsyslog.conf.d/apache.conf # Apache # [logfile name] [owner-group] [mode] [count] [size] [when] [flags] [path to pid file] [signal] /var/log/httpd-access.log www:www 640 9 * $W1D4 J /var/run/httpd.pid 30 /var/log/httpd-error.log www:www 640 9 * $W1D4 J /var/run/httpd.pid 30
The will roll the access and error log files every Monday at 4am (system time), a total of 9 weekly archives will be kept (providing up to 10 weeks of logs counting the current log), and log file archives will be compressed using bzip2. The file mode is consistent with other system logs, but could be made more restrictive if desired. A SIGUSR1 signal (30) is sent to Apache to perform a graceful restart after rolling the log file.
For more information, see the System Logging section of the FreeBSD Manual and man pages for newsyslog and newsyslog.conf.
To read a compressed log file, uncompress the file and pipe to less:
% sudo bzcat httpd-error.log.0.bz2 | less
or use the simpler:
% sudo bzless httpd-error.log.0.bz2