Best practice for purging log files?

I'm using letsencrypt on Ubuntu/nginx. I have over a hundred letsencrypt.log.nn files in /var/log

I read

and

but they cover other topics and I'm wondering if there is a simplified best practice to prevent these logs from collecting?

Thanks!

I see what you mean:
-rw-r--r-- 1 root root 4418 Sep 24 2017 letsencrypt.log.509

This might do the trick:
[this will delete all the ones > .99 and compressed files]

rm /var/log/letsencrypt/*.??0
rm /var/log/letsencrypt/*.??1
rm /var/log/letsencrypt/*.??2
rm /var/log/letsencrypt/*.??3
rm /var/log/letsencrypt/*.??4
rm /var/log/letsencrypt/*.??5
rm /var/log/letsencrypt/*.??6
rm /var/log/letsencrypt/*.??7
rm /var/log/letsencrypt/*.??8
rm /var/log/letsencrypt/*.??9
rm /var/log/letsencrypt/*.gz

On my Debian systems, the logrotate package takes care of deleting these logfiles in reasonable intervals. I believe this should be installed and enabled by default on Debian/Ubuntu systems, and I also found a logrotate script (I presume this was added by the debian certbot package):

cat /etc/logrotate.d/certbot

/var/log/letsencrypt/*.log {
    rotate 12
    weekly
    compress
    missingok
}

@Nummer378
So how can one limit the number of files logrotate keeps?
[don't say RTFM - LOL]

This is controlled by the rotate option. So the rotate 12 directive as shown above will keep 12 files and delete files older than 12 * interval. The weekly directive then says that files should be rotated weekly (which is the interval). You can also use keywords like daily.


@Nummer378
I fail to see that action in practice :frowning:
I have:

/var/log/letsencrypt/*.log {
    rotate 12
    weekly
    compress
    missingok
}

And it went to:
-rw-r--r-- 1 root root 4418 Sep 24 2017 letsencrypt.log.509
[never deleted a single log]

This doesn't look like files created by logrotate.

The logrotate option says 'compress', which means gzip the files. This causes logrotate to create files ending with .gz. Your example filename doesn't end with .gz, so it looks like someone else has created those files, but not logrotate.

Here's an example of how it looks on my system:

/var/log/letsencrypt # ls
letsencrypt.log  letsencrypt.log.1.gz  letsencrypt.log.2.gz  letsencrypt.log.3.gz  letsencrypt.log.4.gz  letsencrypt.log.5.gz  letsencrypt.log.6.gz  letsencrypt.log.7.gz  letsencrypt.log.8.gz  letsencrypt.log.9.gz letsencrypt.log.10.gz  letsencrypt.log.11.gz  letsencrypt.log.12.gz

Maybe there are two systems at play...
There were also .gz files.


A lot of the content in these files appears to be DEBUG statements. I know it's a tiny amount of i/o but is there a way to get a non-debug build?
In what scenarios should we need these files?

Asking for help on this Community mainly :wink:

@Nummer378 I don't understand your logrotate. Your configuration says it should keep 12 weeks of logs, but your ls command only shows 12 log files. But certbot usually runs twice a day, so you should have 168 log files in total? Or do you run certbot just once a week?

@Osiris @Nummer378
Maybe showing the dates might better explain things:
ls -l /var/log/letsencrypt

I've got to admit, I haven't run certbot in over a year, so currently it doesn't run at all and I just realized that all logfiles are empty (so logrotate just rotates empty files, a notifempty directive would have been useful here...). Back then I believe I used the timer from the package, so probably twice a day?

-rw-r--r-- 1 root root  0 Okt  3 00:00 letsencrypt.log
-rw-r--r-- 1 root root 20 Jul 25 00:00 letsencrypt.log.10.gz
-rw-r--r-- 1 root root 20 Jul 18 00:00 letsencrypt.log.11.gz
-rw-r--r-- 1 root root 20 Jul 11 00:00 letsencrypt.log.12.gz
-rw-r--r-- 1 root root 20 Sep 26 00:00 letsencrypt.log.1.gz
-rw-r--r-- 1 root root 20 Sep 19 00:00 letsencrypt.log.2.gz
-rw-r--r-- 1 root root 20 Sep 12 00:00 letsencrypt.log.3.gz
-rw-r--r-- 1 root root 20 Sep  5 00:00 letsencrypt.log.4.gz
-rw-r--r-- 1 root root 20 Aug 29 00:00 letsencrypt.log.5.gz
-rw-r--r-- 1 root root 20 Aug 22 00:00 letsencrypt.log.6.gz
-rw-r--r-- 1 root root 20 Aug 15 00:00 letsencrypt.log.7.gz
-rw-r--r-- 1 root root 20 Aug  8 00:00 letsencrypt.log.8.gz
-rw-r--r-- 1 root root 20 Aug  1 00:00 letsencrypt.log.9.gz

So yeah given that the files are really just empty, I should have tested this when certbot was actually outputting something. I thought the logfiles just stopped rotating once I stopped certbot, but apparently that's not the case.

Still I don't have leftover files not created by logrotate, so either they were cleaned up since I last ran certbot, or they were never created.


What about using Certbot --max-log-backups 5 (or whatever number)?

You will need to delete the excess now but that limits future build up.

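Added example, not part of any post in this thread: a dry-run-first cleanup for the one-time deletion mentioned above. It removes only the uncompressed numbered backups (letsencrypt.log.N, the kind Certbot's built-in rotation writes) above a chosen number and leaves logrotate's letsencrypt.log.N.gz files alone. The function name prune_certbot_logs and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: prune uncompressed numbered backups (letsencrypt.log.N)
# without touching logrotate's compressed archives (letsencrypt.log.N.gz).
#
# Usage: prune_certbot_logs DIR KEEP [--delete]
#   DIR   log directory, e.g. /var/log/letsencrypt
#   KEEP  highest backup number to keep (letsencrypt.log.1 .. .KEEP)
# Without --delete it only lists what would be removed (dry run).
# Matching paths go to stdout, the summary count to stderr.
prune_certbot_logs() {
    dir=$1 keep=$2 mode=${3:-}
    case $keep in
        ''|*[!0-9]*) echo "KEEP must be a non-negative integer" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

    count=0
    for f in "$dir"/letsencrypt.log.*; do
        # Skip an unmatched glob, directories and symlinks.
        if [ ! -f "$f" ] || [ -L "$f" ]; then continue; fi
        suffix=${f##*/letsencrypt.log.}
        case $suffix in
            ''|*[!0-9]*) continue ;;   # e.g. "3.gz" belongs to logrotate
        esac
        if [ "$suffix" -gt "$keep" ]; then
            echo "$f"
            if [ "$mode" = "--delete" ]; then rm -f -- "$f"; fi
            count=$((count + 1))
        fi
    done
    echo "$count file(s) matched" >&2
}

# Run directly: sh prune.sh /var/log/letsencrypt 5 [--delete]
if [ "$#" -gt 0 ]; then
    prune_certbot_logs "$@"
fi
```

Run it once without --delete and check the list before deleting anything.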
