Delete all of /var/log?
Can I delete everything in /var/log ? Or should I only delete files (recursively) in /var/log but leave folders? Does anyone have a good rm command line? (My admin skills leave me nervous.) Note: I am using Debian. I am not sure what version.
Deleting log files is a bad idea (you’ll also need to find every running process that has it’s own log file and «kill -HUP» it, a soft restart that will result in the program recreating any necessary log files). I would strongly advise against deleting log files, rely on utilities like logrotate to manage the contents of /var/log for you automatically (it does stuff like HUP the processes) If I may I’d like to tackle this from a different angle. What problem are you trying to resolve that’s led you to consider this?
10 Answers 10
Instead of deleting the files you should rotate them, e. g. using logrotate .
You never know when you’ll actually need the logs from some time ago, so it’s better to archive them (up to a reasonable age, e. g. 3 months).
logrotate can compress your old log files so they don’t occupy a lot of disk space.
Well, IMHO deleting all logs can make perfect sense in some cases. For example I want to build a Virtial Machine image to be used for new deployments. Needless to say I would like it to be a really clean system without any logs, histories, caches etc. saved.
Sorry, but looking at three months old log files is archeology. If you collect logs to identify problems, then evaluate them quickly.
@countermode You are never in the mood for nostalgia? Like looking at the 3 month old log files thinking about good ol’ times?
OK, I see the command. How to use it? man logrotate says use it in cron. I suppose with the -f option?
find /var/log -type f -delete Delete all .gz and rotated file
find /var/log -type f -regex ".*\.gz$" find /var/log -type f -regex ".*\.3$" Try run command without «-delete», to test it.
If you delete everything in /var/log, you will most likely end up with tons of error messages in very little time, since there are folders in there which are expected to exist (e.g. exim4, apache2, apt, cups, mysql, samba and more). Plus: there are some services or applications that will not create their log files, if they don’t exist. They expect at least an empty file to be present. So the direct answer to your question actually is «Do not do this. «.
As joschi has pointed out, there is no reason to do this. I have debian servers running that haven’t had a single log file deleted in years.
There are valid reasons to remove log files, IMHO. For instance, you are exporting a virtual machine for use by others, but you don’t want the virtual machine image to contain details of everything that has happened before exporting.
One reason could be, in a scenario where you’re trying to cover the tracks of a system intrusion, although I think this would make a lot of noise.
A reason could also be to simply optimize the space before exporting a virtual machine. This then results in a smaller template file.
I’m cloning virtual machines from a master. It makes perfect sense to clear the log on the master so that when you boot the clones you won’t get the master’s log. I did in tcsh:
cd /var/log foreach ii ( `find . -type f` ) foreach? cp /dev/null $ii foreach? end which clears the logs but keeps the files.
Cleaning all logs on a Linux system without deleting the files:
for CLEAN in $(find /var/log/ -type f) do cp /dev/null $CLEAN done Samba ( /var/www/samba ) creates log file-names with ip addresses, you may want to delete them:
for CLEAN in $(find /var/log/samba -type f) do rm -rf $CLEAN done You can use the option ctime to find old files. for example:
As bindbn explain, first try the find fetch files and after use the option delete 😀
/var/log often has permissions of drwxrwxr-x , so is not user writable unless the user is root or belongs to a privileged group. That means new log files cannot be created by non-privileged users.
Applications that expect to log to a point within /var/log will often touch a file into existence somewhere in the /var/log hierarchy during install time (which often occurs with elevated privileges), and will chmod and possibly chown it at that time to permissions appropriate for the unprivileged users who will be using the application.
Apache logs, for example, are usually written to by nobody , who is a user with as few privileges as possible for Apache to get its job done without putting the system at undue risk. But even a more run-of-the-mill application often expects to be able to write to a logfile in /var/log .
So what happens if the logfile, and the path to the logfile don’t exist? That’s entirely up to the application. Some applications will quietly skip logging. Others will create a lot of warnings. And others will simply bail out. There’s no hard-fast rule; it’s up to the vigilance of the application developer, as well as how critical the developer considers its ability to log. At best the application will attempt to either write to, or possibly create and then write to a log file at a destination within /var/log , and will find itself unable to do so because it’s being run by a user who doesn’t have privileges to write into that part of the filesystem.
So the short answer is no, don’t delete everything in /var/log — it breaks the contract users with sufficient privileges to do such things have with the applications that run on their system, and will cause some noise, some silent failure to log, and some all-out breakage.
The appropriate action to take is to set up logrotate with appropriate config files. Typically rotation will be associated with a cron job. Rotation can be interval based, or size based, or both. It’s even possible to set up rules that avoid interval based rotation if the logfile is still empty when the interval expires. Rotation can include mailing of logfiles, compression, deletion, shredding, and so on.
The average user wouldn’t need to be too concerned about log rotation. Developers would probably want to ensure that logs they use have rotation rules established. In fact, it is likely good manners on the part of developers to set up log rotation at install time for any software-specific logs that software will be creating and writing.
Delete All .log files execept for one
I want to delete all files with .log extension on except for one. Is it possible to do that delete all .log files from all folders except for mongodb log files?
2 Answers 2
You can use find command, but be careful while using it — you might end up removing everything you have.
- Important: First you have to run the command without the -delete option to make sure the output is what you want to delete. Notice that -name looks for exact filename.
$ find -not -name mongodb.log -name "*.log" $ find -not -name mongodb.log -name "*.log" -delete Example
Imagine we have these files:
$ ls 1.log 2.log 3.log 4.log 5.log bar foo mongodb.log Let’s list all *.log excluding mongodb.log . Check the output and make sure it doesn’t contain anything except log files.
$ find -not -iname mongodb.log -name "*.log" $ find -not -iname mongodb.log -name "*.log" -delete Check again and you will see the log files are gone as expected but mongodb.log remains there.
To delete all files except the one named mongodb.log , you can use extended globbing. First, enable the option:
Or, to delete only files with a .log extension, but not mongodb.log , you can do:
$ ls file1 file2 file3.log file4.log file5.log mongodb.log $ rm !(mongodb).log $ ls file1 file2 mongodb.log if you need this to be recursive, to match files in subdirectories as well, you can use the globstar option:
$ tree . ├── bar │ └── baz │ └── bad │ ├── file1 │ ├── file2 │ ├── file3.log │ ├── file4.log │ ├── file5.log │ └── mongodb.log ├── file1 ├── file2 ├── file3.log ├── file4.log ├── file5.log └── mongodb.log $ rm **/!(mongodb).log $ tree . ├── bar │ └── baz │ └── bad │ ├── file1 │ ├── file2 │ └── mongodb.log ├── file1 ├── file2 └── mongodb.log 3 directories, 6 files If the extglob shell option is enabled using the shopt builtin, several extended pattern matching operators are recognized. In the following description, a pattern-list is a list of one or more patterns separated by a |. Composite patterns may be formed using one or more of the fol‐ lowing sub-patterns:
?(pattern-list) Matches zero or one occurrence of the given patterns *(pattern-list) Matches zero or more occurrences of the given patterns +(pattern-list) Matches one or more occurrences of the given patterns @(pattern-list) Matches one of the given patterns !(pattern-list) Matches anything except one of the given patterns globstar
If set, the pattern ** used in a pathname expansion context will match all files and zero or more directories and subdirectories. If the pattern is followed by a /, only directories and subdirectories match.
Remove log files using cron job
Hi. I want to remove all log files from the last 7 days from a folder, but leave all the other files. Can I use the below command? How do you specify that it just delete the files with .log extension?
find /path/to/file -mtime +7 -exec rm -f <> \; Do I need to write this command into some file, or can I just write it in command prompt and have it run automatically every day? I have no idea how to run a cron job in linux.
8 Answers 8
Use wildcard. And just put it in your crontab use the crontab -e option to edit your crontab jobs.
See example:
* * * * * find /path/to/*.log -mtime +7 -exec rm -f <> \; You edit your personal crontab by running crontab -e . This gets saved to /var/spool/cron/ . The file will be the owners username, so root would be /var/spool/cron/root. Everything in the file is run as the owner of the file.
The syntax for crontab is as follows:
SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root HOME=/ # For details see man 4 crontabs # Example of job definition: # .---------------- minute (0 - 59) # | .------------- hour (0 - 23) # | | .---------- day of month (1 - 31) # | | | .------- month (1 - 12) OR jan,feb,mar,apr . # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat # | | | | | # * * * * * user-name command to be executed When you are editing your own personal crontab, via crontab -e , you leave out the user-name field, because the user is inferred by the filename (see first paragraph).
That being said, your entry should look like this:
0 5 * * * find /path/to/*.log -mtime +7 -delete This will run every day, at 5:00 AM, system time. I don’t think you need it to run any more frequently than daily, given the fact that you are removing files that are 7 days old.
Please don’t use over use the -exec option, when the -delete option does exactly what you want to do. The exec forks a shell for every file, and is excessively wasteful on system resources.
When you are done, you can use crontab -l to list your personal crontab.
ps. The default editor on most Linux systems is vi, if you do not know vi, use something simple like nano by setting your environ variable export EDITOR=nano