Skip to main content

Logrotate Cheatsheet — 60+ Directives, Commands and Gotchas with Copy-Ready Templates

Logrotate cheat sheet — directives, CLI flags, postrotate scripts, pitfalls, and copy-ready config templates for nginx, rsyslog, and app logs.

  • Runs locally
  • Category Developer & DevOps
  • Best for Formatting, validating, shrinking, or inspecting code-adjacent text.
63 items
CLI commands (8)
logrotate /etc/logrotate.conf

Run logrotate with the main config file. Normally invoked daily by cron (/etc/cron.daily/logrotate) or a systemd timer.

Common pitfall: Running manually as a non-root user can silently skip files that require elevated privileges. Always check the status file afterward.

Examples
logrotate /etc/logrotate.conf
sudo logrotate /etc/logrotate.conf
logrotate -d /etc/logrotate.conf

Dry-run / debug mode. Shows what logrotate would do — which files match, which would rotate, whether the postrotate script is valid — without actually rotating anything.

Common pitfall: `-d` implies `-v`. The output says "rotating" but NOTHING is actually rotated. Confirm this every time you test a new config.

Examples
logrotate -d /etc/logrotate.conf
logrotate -d /etc/logrotate.d/nginx
sudo logrotate --debug /etc/logrotate.d/myapp
logrotate -f /etc/logrotate.conf

Force rotation even if it is not due yet (the log was rotated recently). Essential for testing a new config on a log that was just rotated.

Common pitfall: Always dry-run with `-d` first. `-f` on a misconfigured glob can move or truncate files you did not intend to touch.

Examples
sudo logrotate -f /etc/logrotate.conf
sudo logrotate -f /etc/logrotate.d/nginx
sudo logrotate --force /etc/logrotate.d/myapp
logrotate -v /etc/logrotate.conf

Verbose mode. Prints each file being considered, whether it is being rotated, and the result of each directive — useful for diagnosing why a log is not rotating.

Examples
sudo logrotate -v /etc/logrotate.conf
sudo logrotate -v /etc/logrotate.d/nginx
sudo logrotate -v -f /etc/logrotate.d/myapp
logrotate -f -v /etc/logrotate.d/<config>

Force + verbose on a single config file. The most useful combination when testing one service's rotation config in isolation.

Examples
sudo logrotate -f -v /etc/logrotate.d/nginx
sudo logrotate -f -v /etc/logrotate.d/myapp
logrotate -s <statusfile> /etc/logrotate.conf

Use a custom status file to track rotation timestamps. Default is /var/lib/logrotate/status (or /var/lib/logrotate.status on some distros).

Common pitfall: If the status file is not writable by the user running logrotate, rotations that "succeed" are never recorded and will repeat on every run.

Examples
logrotate -s /var/lib/logrotate/status /etc/logrotate.conf
logrotate -s /tmp/lr-test.status -f -v /etc/logrotate.d/nginx
cat /var/lib/logrotate/status

View the logrotate status file to see when each log file was last rotated. Helps diagnose why a file is or is not being rotated.

Examples
cat /var/lib/logrotate/status
grep nginx /var/lib/logrotate/status
grep myapp /var/lib/logrotate/status
logrotate --version

Print the installed logrotate version. Some directives (hourly, maxage, dateyesterday) require logrotate ≥ 3.9.

Examples
logrotate --version
Config directives (37)
rotate N

Keep N old log files before deleting the oldest. `rotate 7` keeps 7 backups (log.1 … log.7). Setting `rotate 0` deletes the log immediately after rotation.

Common pitfall: Default is `rotate 4` — if you omit this directive your old logs start disappearing after the fourth rotation.

Examples
rotate 7
rotate 30
rotate 0  # delete immediately
daily

Rotate logs once per day. Logrotate checks the last rotation timestamp in the status file and rotates if 24 h have elapsed.

Examples
daily
weekly

Rotate once per week — when the day of the week is less than the day of the last rotation, or at least 7 days have elapsed.

Examples
weekly
monthly

Rotate once per month — on the first time logrotate runs in a month, after having been run in the previous month.

Examples
monthly
yearly

Rotate once per year — on the first time logrotate runs in a calendar year after the previous year.

Examples
yearly
hourly

Rotate once per hour. Requires logrotate ≥ 3.9.0 AND logrotate must be invoked from cron.hourly (not cron.daily).

Common pitfall: Adding `hourly` to a config that is only triggered by cron.daily achieves nothing — logrotate runs once a day regardless of the directive.

Examples
hourly
# also add to /etc/cron.hourly/logrotate:
#!/bin/sh
/usr/sbin/logrotate /etc/logrotate.conf
size <size>

Rotate when the log file reaches this size regardless of time. Units: k (KB), M (MB), G (GB). Size check happens at every logrotate invocation.

Common pitfall: `size` OVERRIDES time-based directives (daily/weekly). If both are in the same block, size wins — daily/weekly have no effect.

Examples
size 100M
size 500k
size 1G
maxsize <size>

Rotate when the file exceeds this size even if the time condition is not yet met. Unlike `size`, it works alongside daily/weekly — rotation happens on size OR on schedule, whichever comes first.

Examples
maxsize 100M
maxsize 500M
minsize <size>

Only rotate if the file is at least this size, even if the time condition is met. Prevents creating empty or near-empty rotated archives.

Examples
minsize 1M
minsize 10M
maxage <days>

Delete rotated log files older than N days. Works independently of the `rotate` count — the older of maxage or rotate count wins.

Common pitfall: Requires logrotate ≥ 3.9.0. On older systems this directive is silently ignored.

Examples
maxage 30
maxage 90
compress

Compress rotated log files with gzip (default compressor). The rotated file gets a .gz extension.

Common pitfall: For live daemons, always pair with `delaycompress` — compressing immediately can race with the daemon finishing writes to the old fd.

Examples
compress
delaycompress
nocompress

Keep rotated files uncompressed (plain text). Use when disk space is plentiful or you need fast access to recent rotated logs without decompressing.

Examples
nocompress
delaycompress

Defer compression by one rotation cycle. The just-rotated file (log.1) stays uncompressed; the previous one (log.2) gets compressed on this run.

Common pitfall: `delaycompress` has no effect without `compress`. Always write both directives together in the same block.

Examples
compress
delaycompress
compresscmd <cmd>

Use an alternative compression command instead of gzip. Common choices: bzip2 (smaller, slower), xz (best ratio, slowest), zstd (fast + good ratio).

Examples
compresscmd /usr/bin/bzip2
compressext .bz2
compresscmd /usr/bin/xz
compressext .xz
compressoptions -9
compresscmd /usr/bin/zstd
compressext .zst
compressoptions -19
compressoptions <flags>

Pass extra flags to the compression command. For gzip: `-9` for maximum compression; `-1` for fastest speed.

Examples
compressoptions -9
compressoptions --fast
compressext .<ext>

File extension appended to compressed rotated files. Defaults to `.gz`. Must match the chosen `compresscmd`.

Examples
compressext .bz2
compressext .xz
compressext .zst
copytruncate

Copy the log file to a new name, then truncate the original to zero length in place. The daemon keeps writing to the same inode — useful for processes that cannot be signalled to reopen their log.

Common pitfall: Data written between the copy and the truncate is silently lost — a race window that can lose several milliseconds of log entries. Prefer `postrotate` + signal for any daemon that supports it.

Examples
copytruncate
copy

Copy the log file to a new name but do NOT truncate the original. Useful for external log shippers that need a snapshot without affecting the live daemon.

Common pitfall: `copy` does not reduce the log file size — the original keeps growing. Pair with a separate truncation step or use it only for archival.

Examples
copy
postrotate / endscript

Script block executed after the log file is rotated. Use it to signal the daemon to reopen its log files. The script runs with /bin/sh.

Common pitfall: A non-zero exit code marks the rotation as failed. Always test your postrotate script with `bash -x` before wiring it in.

Examples
/var/log/nginx/*.log {
    daily
    rotate 14
    compress
    delaycompress
    sharedscripts
    postrotate
        kill -USR1 $(cat /var/run/nginx.pid)
    endscript
}
prerotate / endscript

Script block executed BEFORE the log is rotated. Runs even if the log would not actually be rotated (missingok etc.).

Common pitfall: Unlike postrotate, prerotate also runs when rotation is skipped due to `notifempty` or `size` not being met — guard against false signals.

Examples
/var/log/myapp/*.log {
    weekly
    prerotate
        /usr/local/bin/myapp-flush-buffers
    endscript
    postrotate
        systemctl kill -s USR1 myapp
    endscript
}
firstaction / endscript

Script block executed once before ALL log files in the block are rotated, regardless of how many files match the glob.

Examples
/var/log/myapp/*.log {
    daily
    firstaction
        echo "Starting rotation at $(date)" >> /var/log/rotation-events.log
    endscript
}
lastaction / endscript

Script block executed once after ALL log files in the block are rotated.

Examples
/var/log/myapp/*.log {
    daily
    lastaction
        echo "Rotation done at $(date)" >> /var/log/rotation-events.log
    endscript
}
sharedscripts

Run postrotate / prerotate scripts ONCE for all files matching the glob, not once per file. Essential when the glob matches multiple log files.

Common pitfall: Without `sharedscripts`, `/var/log/nginx/*.log` with two log files sends nginx two SIGUSR1 signals — harmless but redundant. Always add it when using globs.

Examples
/var/log/nginx/*.log {
    daily
    sharedscripts
    postrotate
        kill -USR1 $(cat /var/run/nginx.pid)
    endscript
}
nosharedscripts

Default. Run postrotate / prerotate scripts once per rotated file. Use only when each file needs a different postrotate action.

Examples
nosharedscripts
notifempty

Skip rotation if the log file is empty (zero bytes). Prevents creating useless empty compressed archives.

Examples
notifempty
ifempty

Rotate the log file even if it is empty. This is the default — override with `notifempty` for most production logs.

Examples
ifempty
missingok

Do not report an error if the log file does not exist. Good for services that may be installed but not yet started, or for optional logs.

Common pitfall: `missingok` should NOT be used on logs for critical services — a missing log is often a sign the service is down or misconfigured.

Examples
missingok
nomissingok

Error if the log file does not exist. This is the default — logrotate exits non-zero if a glob matches nothing.

Examples
nomissingok
dateext

Append the date (YYYYMMDD by default) to rotated filenames instead of a numeric suffix. access.log → access.log-20260628.

Common pitfall: If logrotate runs multiple times per day and generates the same date suffix, the second run fails with "log.YYYYMMDD already exists". Use `dateformat` with an hour component for sub-daily rotation.

Examples
dateext
dateext
dateformat -%Y%m%d-%H%M
dateformat <fmt>

Customize the date suffix appended by `dateext`. Accepts strftime format strings. Include `%H%M` for sub-daily rotation to avoid filename collisions.

Examples
dateext
dateformat -%Y-%m-%d
dateext
dateformat -%Y%m%d-%H%M  # hourly without collision
dateyesterday

When using `dateext`, use yesterday's date instead of today's. Useful when rotating at midnight — the rotated file represents yesterday's traffic.

Common pitfall: Requires logrotate ≥ 3.9.0. Silently ignored on older versions.

Examples
dateext
dateyesterday
create <mode> <owner> <group>

Create a new empty log file after rotation, with the specified permissions, owner, and group. Mode is octal. Omit mode/owner/group to use the original file's attributes.

Common pitfall: If the daemon cannot write to the newly-created file (wrong owner/mode), it will silently drop log entries until you fix permissions.

Examples
create 0640 www-data adm
create 0644 nginx nginx
create  # use original file attributes
nocreate

Do NOT create a new log file after rotation. Use when the daemon creates its own log file on the next write, or when using `copytruncate`.

Examples
nocreate
olddir <path>

Move rotated log files to a different directory. Useful for separating live logs from archives on different mount points.

Common pitfall: The olddir must be on the same filesystem as the log file, otherwise logrotate falls back to copy+delete which is slow for large logs.

Examples
olddir /var/log/archive
olddir /mnt/logarchive/nginx
su <user> <group>

Run the rotation as the specified user and group. Required when log files are owned by a non-root user and logrotate runs as root.

Common pitfall: Without `su`, logrotate running as root may create rotated files owned by root, breaking the daemon's write access after the next rotation.

Examples
su www-data www-data
su nginx nginx
tabooext [+] <ext> ...

Skip files with these extensions when logrotate processes a config that itself references a directory. Default list includes: .bak .rpmsave .rpmorig .orig .dpkg-old .dpkg-dist.

Common pitfall: Config files in /etc/logrotate.d/ MUST have no extension. A file named `nginx.conf` is silently skipped by the default tabooext list.

Examples
tabooext + .conf .log  # add .conf and .log to default list
tabooext .bak          # REPLACE default list with just .bak
include <path>

Include another config file or all files in a directory. Standard way to load service-specific configs from /etc/logrotate.d/.

Common pitfall: `include <dir>` is NOT recursive — files in subdirectories are not loaded. Only the top level of the specified directory is read.

Examples
include /etc/logrotate.d
include /etc/logrotate.d/nginx
Daemon signals (6)
kill -USR1 $(cat /var/run/nginx.pid)

Send SIGUSR1 to nginx to reopen its log files. Nginx gracefully completes current requests then starts writing to the new log. Use in a postrotate block.

Common pitfall: If nginx is not running, `cat /var/run/nginx.pid` exits non-zero and the postrotate fails. Guard with: `[ -f /var/run/nginx.pid ] && kill -USR1 $(cat /var/run/nginx.pid)`.

Examples
kill -USR1 $(cat /var/run/nginx.pid)
[ -f /var/run/nginx.pid ] && kill -USR1 $(cat /var/run/nginx.pid) || true
nginx -s reopen
nginx -s reopen

Alternative to SIGUSR1 for nginx. Sends the reopen signal via the nginx master process, which is slightly safer than looking up the PID manually.

Examples
nginx -s reopen
sudo nginx -s reopen
kill -HUP $(cat /var/run/apache2/apache2.pid)

Send SIGHUP to Apache httpd to gracefully reopen log files. Apache completes in-flight requests before reopening.

Common pitfall: On some distros the PID file is at /var/run/httpd/httpd.pid or /run/apache2/apache2.pid. Check `ps aux | grep apache` if the kill fails.

Examples
kill -HUP $(cat /var/run/apache2/apache2.pid)
apachectl graceful
systemctl reload apache2
systemctl kill -s USR1 rsyslog.service

Send SIGUSR1 to rsyslog via systemd to reopen all log files. Preferred over direct kill on systemd systems because it handles socket activation.

Examples
systemctl kill -s USR1 rsyslog.service
systemctl reload rsyslog
kill -USR1 $(cat /var/run/syslogd.pid)
kill -USR1 $(cat /var/run/mysqld/mysqld.pid)

Flush and reopen MySQL general query log and slow query log. SIGUSR1 is equivalent to `FLUSH LOGS` for the file-based logs.

Common pitfall: MySQL binary logs (binlogs) are NOT affected by SIGUSR1 — use `FLUSH BINARY LOGS` inside MySQL for those.

Examples
kill -USR1 $(cat /var/run/mysqld/mysqld.pid)
mysqladmin -u root -p flush-logs
systemctl reload postgresql

Reload PostgreSQL config without dropping connections. PostgreSQL reopens log files on SIGHUP — this is the cleanest way to trigger it via postrotate.

Examples
systemctl reload postgresql
pg_ctlcluster 14 main reload
kill -HUP $(head -1 /var/lib/postgresql/14/main/postmaster.pid)
Common pitfalls (7)
copytruncate race condition

Data written to the log between the copy step and the truncate step is silently dropped. On a high-traffic server writing 10K lines/sec this can lose several seconds of log entries per rotation.

Common pitfall: Mitigation: use `postrotate` + SIGUSR1 for any daemon that supports it. Use `copytruncate` only as a last resort for legacy daemons.

Examples
# AVOID for live daemons:
copytruncate

# PREFER (zero data loss):
sharedscripts
postrotate
    kill -USR1 $(cat /var/run/nginx.pid)
endscript
compress without delaycompress

Compressing the just-rotated file immediately races with the daemon finishing its last write to the old file descriptor. The result can be a corrupt or incomplete .gz archive.

Common pitfall: Always write `compress` and `delaycompress` together in the same block for live daemon logs.

Examples
# CORRECT:
compress
delaycompress

# RISKY for live daemons:
compress
# (no delaycompress)
postrotate exit code ≠ 0

Any non-zero exit from postrotate, prerotate, firstaction, or lastaction marks the rotation failed in the status file. The log file has already been renamed — the daemon is now writing to a ghost path.

Common pitfall: Debug with: `bash -x /tmp/test-postrotate.sh` and confirm exit 0 before wiring into logrotate.

Examples
# Guard against missing PID file:
postrotate
    [ -f /var/run/nginx.pid ] && kill -USR1 $(cat /var/run/nginx.pid) || true
endscript
dateext sub-daily collision

If logrotate runs more than once per day (e.g. hourly) with `dateext` using only date (no time), the second run finds a file like `access.log-20260628` already exists and fails.

Common pitfall: Fix: `dateformat -%Y%m%d-%H%M` adds hour and minute, making each rotation's filename unique within the day.

Examples
# BROKEN for hourly rotation:
dateext
# dateformat -%Y%m%d (default)

# FIXED:
dateext
dateformat -%Y%m%d-%H%M
tabooext silently skips /etc/logrotate.d/ configs

Config files in /etc/logrotate.d/ must have NO extension. Files like `nginx.conf`, `myapp.log`, or `service.bak` are silently ignored by the default tabooext list.

Common pitfall: Correct names: `nginx`, `myapp`, `rsyslog` — plain words, no dot-extension.

Examples
# WRONG — silently skipped:
/etc/logrotate.d/nginx.conf

# CORRECT:
/etc/logrotate.d/nginx
su directive and file ownership

When logrotate runs as root but logs are owned by an app user, rotated files may end up owned by root. The daemon then cannot write to the new log file after a postrotate signal.

Common pitfall: Fix: add `su <user> <group>` and `create <mode> <user> <group>` to set the correct ownership on both the backup and the new log.

Examples
/var/log/myapp/*.log {
    daily
    su myapp myapp
    create 0640 myapp myapp
    rotate 30
}
status file not writable

If the logrotate status file (/var/lib/logrotate/status) is not writable by the user running logrotate, every run sees the log as "not yet rotated" and rotates it again — infinite daily re-rotation.

Common pitfall: Check with: `ls -la /var/lib/logrotate/` and ensure the file is writable by the logrotate process user.

Examples
ls -la /var/lib/logrotate/status
sudo chown root:root /var/lib/logrotate/status
sudo chmod 644 /var/lib/logrotate/status
Config templates (5)
Nginx access + error logs

Production-ready logrotate config for nginx. Rotates daily, keeps 30 days, compresses with a delay, signals nginx once for all log files.

Examples
/var/log/nginx/*.log {
    daily
    rotate 30
    compress
    delaycompress
    notifempty
    missingok
    sharedscripts
    dateext
    dateformat -%Y%m%d
    create 0640 www-data adm
    postrotate
        [ -f /var/run/nginx.pid ] && kill -USR1 $(cat /var/run/nginx.pid) || true
    endscript
}
Generic application log

General-purpose config for an application that supports SIGUSR1 to reopen its log. Rotate daily, keep 14 days, gzip with delay, create new file with correct ownership.

Examples
/var/log/myapp/*.log {
    daily
    rotate 14
    compress
    delaycompress
    notifempty
    missingok
    sharedscripts
    dateext
    su myapp myapp
    create 0640 myapp myapp
    postrotate
        systemctl kill -s USR1 myapp.service || true
    endscript
}
rsyslog / syslog system logs

Standard config for /var/log/syslog, messages, kern.log etc. Weekly rotation, 4 weeks retention, compressed, signals rsyslog once.

Examples
/var/log/syslog
/var/log/messages
/var/log/kern.log
/var/log/auth.log
{
    weekly
    rotate 4
    compress
    delaycompress
    notifempty
    missingok
    sharedscripts
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
}
Docker file-based log

Config for Docker containers using the `json-file` log driver with output redirected to a named path. Uses copytruncate because Docker's log daemon cannot reopen files via signal.

Examples
/var/lib/docker/containers/*/*-json.log {
    daily
    rotate 7
    compress
    delaycompress
    notifempty
    missingok
    copytruncate
    maxsize 100M
}
MySQL slow query log

Rotate MySQL slow query log daily. Uses mysqladmin flush-logs to safely reopen the file — avoids SIGUSR1 complications with binary logs.

Common pitfall: FLUSH LOGS also rotates binary logs — if you only want to reopen text logs, use `FLUSH SLOW LOGS` or `FLUSH ERROR LOGS` (MySQL 5.7+).

Examples
/var/log/mysql/mysql-slow.log {
    daily
    rotate 14
    compress
    delaycompress
    notifempty
    missingok
    su mysql mysql
    create 0640 mysql adm
    postrotate
        mysqladmin -u root -p"${MYSQL_ROOT_PASS}" flush-slow-logs 2>/dev/null || true
    endscript
}

What this tool does

Searchable logrotate cheat sheet covering every directive, CLI flag, and postrotate signal pattern that ops engineers reach for during an on-call shift. Five categories with 60+ entries: CLI commands (logrotate -d dry-run, -f force, -v verbose, -s custom status file, per-config debug), config directives (rotate N, daily / weekly / monthly / yearly / hourly / size / maxsize / minsize / maxage, compress + delaycompress, copytruncate vs default rename, postrotate / prerotate / firstaction / lastaction, sharedscripts, notifempty, missingok, dateext + dateformat + dateyesterday, create + nocreate, olddir, su, tabooext, include), daemon reload signals for nginx / Apache / rsyslog / MySQL / PostgreSQL in postrotate blocks, common pitfalls (copytruncate race, compress-without-delaycompress, exit codes that abort rotation, dateext collision, tabooext surprises, su requirement), and five copy-ready config templates (nginx access + error logs, generic application log, rsyslog system logs, Docker file-based log, MySQL slow query log). Every entry shows the directive or command, a bilingual EN / ZH description, the gotcha to watch for, and one or more copy-ready examples. Filter by category, type to search across directive + description + pitfall + example, one-click copy. 100% client-side, nothing leaves the browser.

Tool details

Input
Text
The page exposes text boxes, numeric controls, file pickers, or structured inputs depending on the tool.
Output
Live result + Copy
The result area focuses on usable output, with copy, download, or preview actions when supported.
Privacy
Browser-side processing
The main tool logic does not call an external API, so inputs normally stay in the current tab.
Save / share
Shareable URL state
Key settings are encoded in the URL so another person can reopen the same setup.
Performance budget
Initial JS <= 32 KB
No WASM budget is declared, keeping the tool quick to open on mobile.
Best fit
Developer & DevOps · Operations
Category and role tags drive related tools, internal links, and quick fit checks.

How to use

  1. 1. Input

    Paste or drop your content into the tool panel.

  2. 2. Process

    Click the button. All processing is local in your browser.

  3. 3. Copy / Download

    Copy the result or download to disk in one click.

How Logrotate Cheatsheet fits into your work

Use it in the small gaps between coding, reviewing, debugging, and shipping.

Developer jobs

  • Formatting, validating, shrinking, or inspecting code-adjacent text.
  • Preparing snippets for documentation, tickets, commits, or handoff.
  • Checking a small payload quickly without switching tools.

Developer checks

  • Run irreversible transforms like minify or obfuscate on a copy.
  • Keep secrets out of pasted snippets unless the tool explicitly stays local.
  • Use your normal tests or linter before shipping transformed code.

Good next steps

These links move the current task into a more complete workflow.

  1. 1 Nginx Cheatsheet Nginx cheat sheet — common configs, location/server blocks, SSL, reverse proxy, gzip, real examples & gotchas. Open
  2. 2 Bash Cheatsheet Bash cheat sheet — 100+ commands & idioms for variables, conditionals, loops, functions, pipes, traps, with real one-liners. Open
  3. 3 awk + sed Cheatsheet awk + sed cheat sheet — 80+ one-liners for text processing, with real examples and common pitfalls. Open

Real-world use cases

  • Debug a new logrotate config without touching live logs

    You just wrote a config for a new microservice log at /var/log/myapp/*.log. Run `logrotate -d /etc/logrotate.d/myapp` and logrotate prints exactly which files match, what rotation would happen, and whether the postrotate script has syntax issues — without rotating a single byte. Fix problems in the dry-run loop before using `logrotate -f` to actually trigger the first rotation.

  • Stop nginx from writing to a moved log file after rotation

    After logrotate renames access.log to access.log.1, nginx keeps an open file descriptor to the old inode and writes new traffic there — your fresh access.log stays empty until the next nginx restart. Search "signal" in this cheatsheet, copy the nginx postrotate block with `kill -USR1 $(cat /var/run/nginx.pid)`, and nginx reopens its log files immediately. Pair with `sharedscripts` so the signal fires once for all nginx logs.

  • Safely rotate logs for a daemon that cannot reopen files

    A legacy Python service opens /var/log/pyapp/app.log at startup and never closes it. Search "copytruncate" and add the directive to the config block. Logrotate copies the contents to app.log.1 then truncates the original in place — the Python process continues writing to the same inode while you get an archive copy. The cheatsheet also shows the race-window pitfall so you know what data can be lost in the gap between copy and truncate.

Common pitfalls

  • Missing `sharedscripts` with a glob pattern — postrotate fires once per matched file, sending redundant reload signals to the daemon.

  • Using `compress` without `delaycompress` for live daemons — the gzip step races with the daemon finishing its last write to the old fd, producing a corrupt .gz archive.

  • Naming logrotate config files with an extension (e.g. `nginx.conf` in /etc/logrotate.d/) — the default `tabooext` list silently skips .conf files.

Privacy

This cheat sheet is a single static page. Search filters an in-memory array of directives entirely in your browser — your logrotate configs are never uploaded, never parsed on a server, and never put into the URL. Safe on air-gapped servers and ops bastions.

FAQ

Tool combos

Folks in your role tend to reach for these alongside this tool.

Made by Toolora · 100% client-side · Updated 2026-07-01