How to delete few days old log content automatically ?
In this post, we will look at an interesting command/script to delete old logs, say 5 days before.
The task is useful to reduce the log file size, however we recommend you to try on development server first before running the command on production server.
1. Check for which log file under /var/log, you want to delete old logs.
### For example:- my messages file has logs from 7th January to 14th January. [root@nglinux log]# more messages Jan 7 03:13:07 localhost rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="1767" x-info="http://www.rsyslog.com"] rsyslogd was HUPed Jan 7 03:13:21 localhost kernel: dd invoked oom-killer: gfp_mask=0xd0, order=0, oom_adj=0, oom_score_adj=0 Jan 7 03:13:21 localhost kernel: dd cpuset=/ mems_allowed=0 Jan 7 03:13:21 localhost kernel: Pid: 5890, comm: dd Not tainted 2.6.32-696.el6.i686 #1 Jan 7 03:13:21 localhost kernel: Call Trace: Jan 7 03:13:21 localhost kernel: [] ? dump_header+0x84/0x190 ..... ..... Jan 14 02:56:11 localhost rtkit-daemon[2816]: Successfully demoted thread 7841 of process 7822 (/usr/bin/pulseaudio). Jan 14 02:56:11 localhost rtkit-daemon[2816]: Successfully demoted thread 7822 of process 7822 (/usr/bin/pulseaudio). Jan 14 02:56:11 localhost rtkit-daemon[2816]: Demoted 3 threads. Jan 14 03:33:28 localhost rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="1767" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
2. Delete logs older than a specified date.
### Now lets say i have to delete all logs older than 2 days i.e. 12th Jan. ### Run below command to edit the message file at the exiting location and to delete logs older than 12th Jan. [root@nglinux ~]# a=`grep -in "Jan 12" messages | head -1 | cut -d ":" -f1`; sed -i "1,$a d" messages
3. View the file now.
The old logs are now erased, and now we have only logs starting from 12th Jan to 14th Jan.
[root@nglinux ~]# more messages Jan 12 08:02:39 localhost rtkit-daemon[2816]: Demoting known real-time threads. Jan 12 08:02:39 localhost rtkit-daemon[2816]: Successfully demoted thread 7848 of process 7822 (/usr/bin/pul seaudio). Jan 12 08:02:39 localhost rtkit-daemon[2816]: Successfully demoted thread 7841 of process 7822 (/usr/bin/pul seaudio). Jan 12 08:02:39 localhost rtkit-daemon[2816]: Successfully demoted thread 7822 of process 7822 (/usr/bin/pul seaudio). Jan 12 08:02:39 localhost rtkit-daemon[2816]: Demoted 3 threads. Jan 14 02:32:46 localhost rtkit-daemon[2816]: Demoted 3 threads. Jan 14 02:46:53 localhost rtkit-daemon[2816]: The canary thread is apparently starving. Taking action. Jan 14 02:46:53 localhost rtkit-daemon[2816]: Demoting known real-time threads. Jan 14 02:46:53 localhost rtkit-daemon[2816]: Successfully demoted thread 7848 of process 7822 (/usr/bin/pul seaudio). Jan 14 02:46:53 localhost rtkit-daemon[2816]: Successfully demoted thread 7841 of process 7822 (/usr/bin/pul seaudio). Jan 14 02:46:53 localhost rtkit-daemon[2816]: Successfully demoted thread 7822 of process 7822 (/usr/bin/pul seaudio). Jan 14 02:51:32 localhost rtkit-daemon[2816]: Demoted 3 threads. Jan 14 02:56:11 localhost rtkit-daemon[2816]: The canary thread is apparently starving. Taking action. Jan 14 02:56:11 localhost rtkit-daemon[2816]: Demoting known real-time threads. Jan 14 02:56:11 localhost rtkit-daemon[2816]: Successfully demoted thread 7848 of process 7822 (/usr/bin/pul seaudio). Jan 14 02:56:11 localhost rtkit-daemon[2816]: Successfully demoted thread 7841 of process 7822 (/usr/bin/pul seaudio). Jan 14 02:56:11 localhost rtkit-daemon[2816]: Successfully demoted thread 7822 of process 7822 (/usr/bin/pul seaudio). Jan 14 02:56:11 localhost rtkit-daemon[2816]: Demoted 3 threads. Jan 14 03:33:28 localhost rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="1767" x-info="http ://www.rsyslog.com"] rsyslogd was HUPed [root@nglinux ~]#
4. Verify reduced log file size.
### Old log size. [root@nglinux ~]# du -sh messages 320K messages ### New reduced log size. [root@nglinux ~]# du -sh messages 8.0K messages [root@nglinux ~]#
You can save this command and can use it to have specific logs of particular time to analyze instead of looking complete file.
I hope you liked the trick.
Do comment below your suggestions or questions.