- Delete all of /var/log?
- 10 Answers
- How to Empty System Log Files in Linux
- Create A Sample Log File
- Clear Logs in Linux Using Cat Command
- Use Redirection Operator To Clear Log In Linux
- Empty Log File Using ‘true’ Command In Linux
- Clear Logs in Linux Using Truncate Command
- Clear Log In Linux Using dd Command
- Truncate Logs In Linux Using Echo Command
- Clear Logs In Linux Using Logrotate Tool
Delete all of /var/log?
Can I delete everything in /var/log? Or should I only delete files (recursively) in /var/log but leave folders? Does anyone have a good rm command line? (My admin skills leave me nervous.) Note: I am using Debian. I am not sure what version.
Deleting log files is a bad idea (you’ll also need to find every running process that has its own log file and «kill -HUP» it, a soft restart that will result in the program recreating any necessary log files). I would strongly advise against deleting log files; rely on utilities like logrotate to manage the contents of /var/log for you automatically (it does stuff like HUP the processes). If I may, I’d like to tackle this from a different angle. What problem are you trying to resolve that’s led you to consider this?
10 Answers
Instead of deleting the files you should rotate them, e.g. using logrotate.
You never know when you’ll actually need the logs from some time ago, so it’s better to archive them (up to a reasonable age, e.g. 3 months).
logrotate can compress your old log files so they don’t occupy a lot of disk space.
Well, IMHO deleting all logs can make perfect sense in some cases. For example I want to build a Virtual Machine image to be used for new deployments. Needless to say I would like it to be a really clean system without any logs, histories, caches etc. saved.
Sorry, but looking at three months old log files is archeology. If you collect logs to identify problems, then evaluate them quickly.
@countermode You are never in the mood for nostalgia? Like looking at the 3 month old log files thinking about good ol’ times?
OK, I see the command. How to use it? man logrotate says use it in cron. I suppose with the -f option?
find /var/log -type f -delete
Delete all .gz and rotated files:
find /var/log -type f -regex ".*\.gz$"
find /var/log -type f -regex ".*\.3$"
Try running the command without «-delete» to test it.
If you delete everything in /var/log, you will most likely end up with tons of error messages in very little time, since there are folders in there which are expected to exist (e.g. exim4, apache2, apt, cups, mysql, samba and more). Plus: there are some services or applications that will not create their log files, if they don’t exist. They expect at least an empty file to be present. So the direct answer to your question actually is «Do not do this.».
As joschi has pointed out, there is no reason to do this. I have debian servers running that haven’t had a single log file deleted in years.
There are valid reasons to remove log files, IMHO. For instance, you are exporting a virtual machine for use by others, but you don’t want the virtual machine image to contain details of everything that has happened before exporting.
One reason could be, in a scenario where you’re trying to cover the tracks of a system intrusion, although I think this would make a lot of noise.
A reason could also be to simply optimize the space before exporting a virtual machine. This then results in a smaller template file.
I’m cloning virtual machines from a master. It makes perfect sense to clear the log on the master so that when you boot the clones you won’t get the master’s log. I did in tcsh:
cd /var/log
foreach ii ( `find . -type f` )
foreach? cp /dev/null $ii
foreach? end
which clears the logs but keeps the files.
Cleaning all logs on a Linux system without deleting the files:
# Overwrite every regular file with empty content; the files themselves stay
for CLEAN in $(find /var/log/ -type f)
do
    cp /dev/null "$CLEAN"
done
Samba ( /var/www/samba ) creates log file-names with ip addresses, you may want to delete them:
# Remove the per-client Samba log files entirely
for CLEAN in $(find /var/log/samba -type f)
do
    rm -rf "$CLEAN"
done
You can use the option ctime to find old files. For example:
As bindbn explains, first try find to fetch the files, and afterwards use the option delete 😀
/var/log often has permissions of drwxrwxr-x, so is not user writable unless the user is root or belongs to a privileged group. That means new log files cannot be created by non-privileged users.
Applications that expect to log to a point within /var/log will often touch a file into existence somewhere in the /var/log hierarchy during install time (which often occurs with elevated privileges), and will chmod and possibly chown it at that time to permissions appropriate for the unprivileged users who will be using the application.
Apache logs, for example, are usually written to by nobody, who is a user with as few privileges as possible for Apache to get its job done without putting the system at undue risk. But even a more run-of-the-mill application often expects to be able to write to a logfile in /var/log.
So what happens if the logfile, and the path to the logfile don’t exist? That’s entirely up to the application. Some applications will quietly skip logging. Others will create a lot of warnings. And others will simply bail out. There’s no hard-fast rule; it’s up to the vigilance of the application developer, as well as how critical the developer considers its ability to log. At best the application will attempt to either write to, or possibly create and then write to a log file at a destination within /var/log, and will find itself unable to do so because it’s being run by a user who doesn’t have privileges to write into that part of the filesystem.
So the short answer is no, don’t delete everything in /var/log — it breaks the contract users with sufficient privileges to do such things have with the applications that run on their system, and will cause some noise, some silent failure to log, and some all-out breakage.
The appropriate action to take is to set up logrotate with appropriate config files. Typically rotation will be associated with a cron job. Rotation can be interval based, or size based, or both. It’s even possible to set up rules that avoid interval based rotation if the logfile is still empty when the interval expires. Rotation can include mailing of logfiles, compression, deletion, shredding, and so on.
The average user wouldn’t need to be too concerned about log rotation. Developers would probably want to ensure that logs they use have rotation rules established. In fact, it is likely good manners on the part of developers to set up log rotation at install time for any software-specific logs that software will be creating and writing.
How to Empty System Log Files in Linux
Logging is a normal operation that the Linux operating system performs constantly to maintain different types of messages in various log files.
If you maintain a Linux server, you have most likely run into the problem of running out of disk space. In such a situation, emptying huge log files mostly resolves the problem.
Using the rm command to directly delete log files is what you should avoid as it can leave you in a messed up situation. In this article, we’ll see various methods to clean up log files in Linux without deleting the actual file entirely.
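Why rm is the wrong tool here, shown as an added example that is not part of the original article: a process that already has the log open keeps writing to the deleted inode and the path stays missing, while truncation keeps the file but leaves a run of NUL bytes if the writer did not open the log in append mode. File descriptor 9 stands in for a daemon's log handle, and every path is a temporary file constructed for the demonstration.

```shell
#!/bin/sh
# Added example. fd 9 stands in for a daemon's open log handle; every path is
# a temporary file constructed for this demonstration.

new_log() { d=$(mktemp -d); f="$d/app.log"; }

# Log removed with rm while the writer holds it open.
# Prints "missing" or "present" for the path after the writer's next write.
after_rm() {
    new_log
    exec 9>>"$f"                 # writer opens the log in append mode
    echo "before cleanup" >&9
    rm "$f"                      # cleanup by deletion
    echo "after" >&9             # succeeds, but lands in the unlinked inode
    exec 9>&-
    if [ -e "$f" ]; then echo present; else echo missing; fi
    rm -rf "$d"
}

# Log truncated in place. $1 is how the writer opened it: "append" (>>) or
# "overwrite" (>). Prints "<file size> <bytes that are not NUL>".
after_truncate() {
    new_log
    if [ "$1" = append ]; then exec 9>>"$f"; else exec 9>"$f"; fi
    echo "before cleanup" >&9    # 15 bytes; the writer's offset is now 15
    : > "$f"                     # cleanup by truncation
    echo "after" >&9             # 6 bytes
    exec 9>&-
    size=$(wc -c < "$f" | tr -d ' ')
    text=$(tr -d '\000' < "$f" | wc -c | tr -d ' ')
    echo "$size $text"
    rm -rf "$d"
}

echo "rm, writer still running:        path is $(after_rm)"
echo "truncate, append-mode writer:    $(after_truncate append)"
echo "truncate, overwrite-mode writer: $(after_truncate overwrite)"
```

In the overwrite case the writer's file offset survives the truncation, so the next write lands at byte 15 and the file starts with a hole of NUL bytes.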
Create A Sample Log File
Before we jump to the main topic, let’s first create a sample log file on which to perform the operations. You can follow the same steps for your own log files by using sudo privileges.
To make a sample log file, you can use the fallocate utility with the command below:
It will give us a file with a 5MB size, which you can verify using the ls command.
Clear Logs in Linux Using Cat Command
By redirecting the output of the popular cat command, run on the /dev/null device file, into a log file, you can easily empty the content of that log file.
In case you don’t know, /dev/null is a special file in Linux that discards anything written or streamed to it and returns empty output when read.
To clear or empty any log file, just issue the following command.
$ cat /dev/null > app.log
$ ls -lh app.log
As you can see, instead of completely deleting the file, the command only removed the file content making its size zero.
Use Redirection Operator To Clear Log In Linux
The redirection operator (>) is one of the easiest ways to empty log files in the Linux operating system. With the log filename on the right side of the operator and nothing on the left side, the shell opens the file for writing and truncates it, and because no command writes anything into it, the file is left blank.
Empty Log File Using ‘true’ Command In Linux
Placing the colon (:) symbol to the left of the redirection operator does the same work as the bare redirection operator. The colon is a shell built-in that, like the true command, does nothing and exits successfully, so only the redirection has an effect.
You can use it as given below:
Likewise, you can use true in place of the : symbol to perform the same task.
Clear Logs in Linux Using Truncate Command
As its name suggests (to truncate is to remove part of something), truncate is yet another Linux utility that helps to free up space by shrinking the size of a file without deleting the file entirely.
You can use the truncate command with the -s option, which defines the file size, to empty a file. Giving a size of zero (0) removes all of the file's content and adjusts the file size to 0 bytes.
In this example, we created a file app.log with a size of 5MB. Then, using the truncate command, we readjusted its size to zero without deleting the file itself.
Clear Log In Linux Using dd Command
You have probably used the dd (disk/data duplicator) command-line utility to create a bootable USB without destroying your disk. In the same way that you copy an image file to a USB boot drive, you can write empty input over your log file by just changing the input and output files.
Here, “if” denotes the input file that you want to write to the output file, which is denoted by “of”.
Truncate Logs In Linux Using Echo Command
The echo command is mainly used to print or send messages in the terminal. The same functionality can be used to send empty output to the log file.
Simply run the command below to redirect an empty string to the file:
$ echo "" > app.log
Or
$ echo > app.log
However, after this command the file size is still not zero, meaning the file is not completely empty. This is because echo appends a newline to the empty string, so one byte is still written to the file.
So, to send truly empty output to the file and make the file size zero, you also need to use the -n flag with the echo command, which suppresses the trailing newline that was written in the above case.
Now the file size becomes zero and there is no content in the log file.
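The methods above side by side, as an added example that is not part of the original article: each command is run against a constructed 5 MiB sample file, and the script reports the remaining size, whether the inode changed, and the file mode. The exact invocations for the bare redirect, the colon, true, truncate, dd and echo -n are assumptions where the page names the tool but not the command line, and head replaces fallocate so the sample can be created on any filesystem.

```shell
#!/bin/sh
# Added example: run each of the article's methods on a constructed sample file
# (a temp file, not a real log) and report what is left afterwards.

# 5 MiB sample with mode 640. head is used here in place of fallocate so the
# script also runs on filesystems without fallocate support.
make_sample() {
    head -c 5242880 /dev/zero > "$1"
    chmod 640 "$1"
}

# empty_with METHOD FILE: invocations are assumptions where the page names
# the tool but does not show the exact command line.
empty_with() {
    case $1 in
        cat)      cat /dev/null > "$2" ;;
        redirect) > "$2" ;;
        colon)    : > "$2" ;;
        true)     true > "$2" ;;
        truncate) truncate -s 0 "$2" ;;
        dd)       dd if=/dev/null of="$2" 2>/dev/null ;;
        echo)     echo "" > "$2" ;;      # writes a single newline
        echo-n)   echo -n "" > "$2" ;;   # no trailing newline
        *)        return 2 ;;
    esac
}

inode_of() { ls -i "$1" | awk '{print $1}'; }

# result_of METHOD: prints "<bytes left> <same-inode|new-inode> <mode>".
result_of() {
    d=$(mktemp -d); f="$d/app.log"
    make_sample "$f"
    before=$(inode_of "$f")
    empty_with "$1" "$f" || { rm -rf "$d"; return 2; }
    if [ "$(inode_of "$f")" = "$before" ]; then ino=same-inode; else ino=new-inode; fi
    echo "$(wc -c < "$f" | tr -d ' ') $ino $(ls -l "$f" | cut -c1-10)"
    rm -rf "$d"
}

for m in cat redirect colon true truncate dd echo echo-n; do
    printf '%-9s %s\n' "$m" "$(result_of "$m")"
done
```

Every method keeps the same inode and the 640 mode, which is what lets the owning service keep writing without its log being recreated; only plain echo leaves a byte behind.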
Clear Logs In Linux Using Logrotate Tool
The last method, and one considered among the best automated ones, is the logrotate tool, which is built specifically to manage logs. It helps in the automatic rotation, compression, and removal of log files.
Check out the separate article on how to rotate logs with Logrotate in Linux for more information.
In this article, we learned to use different command-line utilities to clear logs without deleting the files entirely in the Linux operating system. You can explore each command separately and use it along with a cron job to automate the clean-up of logs at regular intervals.