I recently needed to review the Apache httpd error log file on my server (/var/log/httpd-error.log), and had to scroll through 95,000 lines before getting to the part of interest. The server was rebooted only a month earlier, which shows how fast the Apache log file grows even on a server with relatively low demand.
To make Apache’s log files more manageable, I configured them to roll every week using the FreeBSD standard newsyslog utility, which is run from cron (see /etc/crontab).
Instead of editing the newsyslog config file (/etc/newsyslog.conf) directly, create a secondary configuration file specifically to rotate Apache logs. The end of the newsyslog master configuration file reads any secondary config files,
... <include> /etc/newsyslog.conf.d/[!.]*.conf <include> /usr/local/etc/newsyslog.conf.d/[!.]*.conf
and secondary configuration files will not be affected by upgrades to newsyslog.
First create a directory for the Apache newsyslog configuration file. Since Apache is third-party software, create the /usr/local/etc/newsyslog.conf.d directory.
% sudo mkdir -p /usr/local/etc/newsyslog.conf.d
and then create the config file:
% sudo vi /usr/local/etc/newsyslog.conf.d/apache.conf # Apache # [logfile name] [owner-group] [mode] [count] [size] [when] [flags] [path to pid file] [signal] /var/log/httpd-access.log www:www 640 9 * $W1D4 J /var/run/httpd.pid 30 /var/log/httpd-error.log www:www 640 9 * $W1D4 J /var/run/httpd.pid 30
The will roll the access and error log files every Monday at 4am (system time), a total of 9 weekly archives will be kept (providing up to 10 weeks of logs counting the current log), and log file archives will be compressed using bzip2. The file mode is consistent with other system logs, but could be made more restrictive if desired. A SIGUSR1 signal (30) is sent to Apache to perform a graceful restart after rolling the log file.
For more information, see the System Logging section of the FreeBSD Manual and man pages for newsyslog and newsyslog.conf.
To read a compressed log file, uncompress the file and pipe to less:
% sudo bzcat httpd-error.log.0.bz2 | less
or use the simpler:
% sudo bzless httpd-error.log.0.bz2