- How to Empty System Log Files in Linux
- Create A Sample Log File
- Clear Logs in Linux Using Cat Command
- Use Redirection Operator To Clear Log In Linux
- Empty Log File Using ‘true’ Command In Linux
- Clear Logs in Linux Using Truncate Command
- Clear Log In Linux Using dd Command
- Truncate Logs In Linux Using Echo Command
- Clear Logs In Linux Using Logrotate Tool
- How to Clear Systemd Journal Logs
- Clearing systemd journal logs
- 1. Clear journal log older than x days
- 2. Restrict logs to a certain size
- 3. Restrict number of log files
- Automatically clearing old log files [Requires intermediate knowledge of command line]
How to Empty System Log Files in Linux
Logging is a normal operation that the Linux operating system performs constantly to maintain different types of messages in various log files.
If you’re maintaining a Linux server, it’s most likely that you might have come across an issue of running out of disk space. In such a situation, emptying huge log files mainly resolve the problem.
Using the rm command to directly delete log files is what you should avoid as it can leave you in a messed up situation. In this article, we’ll see various methods to clean up log files in Linux without deleting the actual file entirely.
Create A Sample Log File
Before we jump to the main topic, let’s first create a sample log file on which we’re going to perform operations. The same steps you can follow for your desired log files by using the sudo privileges.
To make a sample log file, you can use the fallocate utility using the below command:
It will give us a file with a 5MB size, which you can verify using the ls command.
Clear Logs in Linux Using Cat Command
Concatenating the popular cat command with the /dev/null device file in Linux, you can easily empty the content of a log file.
In case you don’t know, /dev/null is a special file in Linux that helps in disappearing anything written or streamed to it returning the empty output.
To clear or empty any log file, just issue the following command.
$ cat /dev/null > app.log $ ls -lh app.log
As you can see, instead of completely deleting the file, the command only removed the file content making its size zero.
Use Redirection Operator To Clear Log In Linux
Redirection Operator (>) is one of the easiest ways to empty the log files in the Linux operating system. Just using the redirection operator with the log filename on the right side and nothing on the left side redirects Null to the file by making it blank.
Empty Log File Using ‘true’ Command In Linux
Attaching the colon (:) symbol to the left of the redirection operator makes another built-in true command that also does the same work as the redirection operator.
You can use it as given below:
Likewise, you can add true in place of :> symbol to perform the same task.
Clear Logs in Linux Using Truncate Command
As the meaning of the name says “removing part of something”, truncate is also yet another Linux utility that helps to free up space by shrinking the size of the file without deleting the file entirely.
You can utilize the truncate Linux command with the -s option that defines the file size to empty a file content. Giving a size of zero (0) is equivalent to making file content NULL or adjusting the file size to 0 bytes.
As you can see in the above screenshot, we create a file app.log with a size of 5MB. Then, using a truncate command, we readjusted its size to zero without deleting the file itself.
Clear Log In Linux Using dd Command
I’m sure you must have used the dd (disk/data duplicator) command line utility to create a bootable USB without destroying your disk. The way you copy an image file to a USB boot drive, likewise, you can write blank off to your log file by just changing the input and output file.
Here, “if” denotes the input file that you want to write to the output file as denoted by “of” .
Truncate Logs In Linux Using Echo Command
The echo command is mainly used to print or send messages in the terminal. The same functionality of the echo command can utilize to send a null output to the log file.
Simply run the below command to redirect the empty to the file:
$ echo "" > app.log Or $ echo > app.log
However, if you see in the above screenshot, the file size is still not zero meaning the file is not completely empty. This is because we redirected an empty string which is not the same as NULL.
So, to send a null output to the file and make file size zero, you also need to use the -n flag with the echo command that restricts any trailing newline or leaving any empty line as happened in the above case.
Now the file size becomes zero and there is no content in the log file.
Clear Logs In Linux Using Logrotate Tool
Coming to the last and considered one of the best-automated methods, you can also use a logrotate tool that is built specifically to manage logs. It helps in the automatic rotation, compression, and removal of log files.
Check out the separate article on how to rotate logs with Logrotate in Linux for more information.
Finally, we learned to use different command line utilities to clear logs without deleting the files entirely in the Linux operating system. You can explore each command separately to use it along with Cronjob to automate the clean-up of logs at regular intervals of time.
How to Clear Systemd Journal Logs
This quick tutorial shows you two ways to clear systemd journal logs from your Linux system.
This quick tutorial shows you two ways to clear systemd journal logs from your Linux system.
The systemd journal is systemd’s own logging system. It is equivalent to the syslog in the init system. It collects and stored kernel logging data, system log messages, standard output, and errors for various systemd services.
A Linux machine with systemd writes the logs to /var/log/journal directory. If you remember the Linux directory structure, /var is where the system logs are stored.
You can either manually view the log files using less command or use the journalctl command. To view all the latest logs, use the command with the reverse option.
The thing with logging is that over time, it starts to grow big. And if you check the disk space in Linux, you’ll see that sometimes, it takes several GB of space.
Let me show you how to clean systemd journal logs and free up disk space on your Linux system.
Clearing systemd journal logs
First, check the space taken by journal logs with the du command:
You can also use the journalctl command for the same task:
Both commands should give approximately the same result:
[email protected]:~$ journalctl --disk-usage Archived and active journals take up 1.6G in the file system. [email protected]:~$ sudo du -sh /var/log/journal/ 1.7G /var/log/journal/Now that you know how much space the journal logs take, you can decide if you want to clear the logs or not. If you decide to clear the journal logs, let me show you a couple of ways of doing it.
You can, of course, use the rm command to delete the files in the log folder but I won’t advise that. The journalctl command gives you the proper way of handling old logs.
First thing you should do is to rotate journal files. This will mark the currently active journal logs as archive and create fresh new logs. It’s optional but a good practice to do so.
Now you have three ways to clear old journal logs. You delete logs older than a certain time, or you delete older log files so that the total log size is limited to the predefined disk space, or you limit the number of log files. Let’s see how to use all three methods.
1. Clear journal log older than x days
Keep in mind that logs are important for auditing purposes so you should not delete all of them at the same time. Let’s say you want to keep the log history of just two days. To delete all entries older than two days, use this command:
sudo journalctl --vacuum-time=2dHere’s what the output may look like:
Vacuuming done, freed 1.6G of archived journals from /var/log/journal/1b9ab93094fa4978beba80fd3c48a18cYou can also change the provide time frame in hours like 2h, in minutes like 2m, in seconds like 2s. If you want bigger time units, you can 2weeks, 2months as well.
2. Restrict logs to a certain size
Another way is to restrict the log size. This will delete the journal log files until the disk space taken by journal logs falls below the size you specified.
sudo journalctl --vacuum-size=100MThis will reduce the log size to around 100 MB.
Vacuuming done, freed 40.0M of archived journals from /var/log/journal/1b9ab93094fa4978beba80fd3c48a18c.You can specify the size in GB with G, MB with M, KB with K etc.
3. Restrict number of log files
The third way is to limit the number of log files. The journalctl usually has log files for the system and for the users. As the logs get old, they are archived in various files.
You can limit the number of archive log files. Let’s say you want to have only five log files.
It will remove the older archive log files leaving only the specified number of log files.
Deleted archived journal /var/log/journal/1b9ab93094fa4978beba80fd3c48a18c/[email protected]5988c0982.journal (8.0M). Deleted archived journal /var/log/journal/1b9ab93094fa4978beba80fd3c48a18c/[email protected]9747a2ebd5a3.journal (48.0M). Deleted archived journal /var/log/journal/1b9ab93094fa4978beba80fd3c48a18c/[email protected]7a32024d0.journal (48.0M). Vacuuming done, freed 104.0M of archived journals from /var/log/journal/1b9ab93094fa4978beba80fd3c48a18c.Automatically clearing old log files [Requires intermediate knowledge of command line]
What you just did will clean the log files for now. In a month, the logs will increase again. You can manually clean them with one of the methods described above. But that is a tedious task and you may not remember to do that regularly.
The good thing is that you can configure systemd to automatically handle old log files.
The journalctl has configuration file at /etc/systemd/journald.conf. There are settings which are commented out. The commented lines basically indicate the default value of those settings parameters (even if they are commented out).
You can change some of these default settings to automatically clean the log files.
You would want to change the following settings:
| Setting | Description |
|---|---|
| SystemMaxUse | Max disk space logs can take |
| SystemMaxFileSize | Max size of an INDIVIDUAL log file |
| SystemMaxFiles | Max number of log files |
Please note that you should be careful while editing configuration files. You must be comfortable using a terminal-based text editor like Vim, Emacs or Nano so that you don’t make silly mistakes while editing the conf file.
I advise to make a backup of the configuration file first:
cp /etc/systemd/journald.conf /etc/systemd/journald.conf.backNow, you should uncomment (remove the # at the beginning of the line) the setting you want to use. For example, I want to restrict the maximum disk space taken by the log files to 250 MB.
You’ll have to use Vim or some other terminal based editor in order to edit this configuration file. Here’s what it looks like me after editing the file.
# This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. # # Entries in this file show the compile time defaults. # You can change settings by editing this file. # Defaults can be restored by simply deleting this file. # # See journald.conf(5) for details. [Journal] #Storage=auto #Compress=yes #Seal=yes #SplitMode=uid #SyncIntervalSec=5m #RateLimitIntervalSec=30s #RateLimitBurst=1000 SystemMaxUse=250M #SystemKeepFree= #SystemMaxFileSize= #SystemMaxFiles=100 Keep in mind that after editing the configuration file, you should load the changes:
sudo systemctl restart systemd-journaldThe journald.conf file can be used to tweak the journalctl settings even further. You can even set the levels of log (info, debug, error etc) you want to see. It’s up to you if you want to change those settings as well.
I hope you like this tip to clear systemd journal log files. If you have any questions or suggestions, please leave a comment below.