I recently needed to review the Apache httpd error log file on my server (/var/log/httpd-error.log), and had to scroll through 95,000 lines before getting to the part of interest. The server was rebooted only a month earlier, which shows how fast the Apache log file grows even on a server with relatively low demand.
To make Apache’s log files more manageable, I configured them to roll every week using the FreeBSD standard newsyslog utility, which is run from cron (see /etc/crontab).
Instead of editing the newsyslog config file (/etc/newsyslog.conf) directly, create a secondary configuration file specifically to rotate Apache logs. The end of the newsyslog master configuration file reads any secondary config files,
...
<include> /etc/newsyslog.conf.d/[!.]*.conf
<include> /usr/local/etc/newsyslog.conf.d/[!.]*.conf
and secondary configuration files will not be affected by upgrades to newsyslog.
First create a directory for the Apache newsyslog configuration file. Since Apache is third-party software, create the /usr/local/etc/newsyslog.conf.d directory.
% sudo mkdir -p /usr/local/etc/newsyslog.conf.d
and then create the config file:
% sudo vi /usr/local/etc/newsyslog.conf.d/apache.conf
# Apache
# [logfile name] [owner-group] [mode] [count] [size] [when] [flags] [path to pid file] [signal]
/var/log/httpd-access.log www:www 640 9 * $W1D4 J /var/run/httpd.pid 30
/var/log/httpd-error.log www:www 640 9 * $W1D4 J /var/run/httpd.pid 30
The will roll the access and error log files every Monday at 4am (system time), a total of 9 weekly archives will be kept (providing up to 10 weeks of logs counting the current log), and log file archives will be compressed using bzip2. The file mode is consistent with other system logs, but could be made more restrictive if desired. A SIGUSR1 signal (30) is sent to Apache to perform a graceful restart after rolling the log file.
For more information, see the System Logging section of the FreeBSD Manual and man pages for newsyslog and newsyslog.conf.
To read a compressed log file, uncompress the file and pipe to less:
% sudo bzcat httpd-error.log.0.bz2 | less
or use the simpler:
% sudo bzless httpd-error.log.0.bz2
Cheers!
Thank you for posting this. I have done the same for years, except that I did not use the /usr/local/etc/ directory, which should be used, so I learned something today 😉
One thing to point out is that you don’t need to set the signal to 30, newsyslog by default uses SIGHUP, and that is what is recommended in the apache documentation for rotating log files:
https://httpd.apache.org/docs/2.4/mod/mpm_common.html#PidFile
I simply left that field blank (so that newsyslog uses the default signal) and never had an issue.
Cheers, DrTebi
Thanks for the tip DrTebi, I have updated my system. You taught me something too!
Brilliant!
Thank-you for writing this article, it’s a nice simple overview and exactly what I was looking for. I didn’t know newsyslogd will look for optional config files in the locations you indicated, this is much better than hacking the main conf file.