Devylawyer's Blog

Logrotate your logfiles and upload to Amazon S3

Chiamaka Obitube's photo
Chiamaka Obitube
·

3 min read

This is a simple tutorial on how to archive and compress log files using the logrotate command and upload the archived logs to an AWS S3 Bucket.

Why do we need to archive and keep log files? Troubleshooting purposes, Compliance purposes, legal retention etc.

Prerequisites

  • Linux server
  • AWS account
  • AWS S3 bucket
  • Python

Step 1

Determine the logs you want to archive. To check the log files in a Linux OS, run the command 

cd /var/log

Step 2

Check the logrotate config file by running cat /etc/logrotate.conf. This file contains the default logrotate config file. Ensure that the file contains the line include /etc/logrotate.d . This directory contains all the logrotate config files for different applications include system logs files on the system.

Step 3

In this tutorial, I will be compressing nginx logs and archive the compressed logs to AWS S3 bucket. I will locate my log file by going into the /etc/logrotate.d directory.

Edit the nginx log config file by running the following command sudo nano nginx

My nginx log config file looks like this 

/var/log/nginx/*.log {
    weekly
    missingok
    rotate 5
    compress
    ifempty
    create 0640 www-data adm
    prerotate
        /bin/bash /home/ubuntu/upload_logs.sh
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
            run-parts /etc/logrotate.d/httpd-prerotate; \
        fi \
    endscript
    postrotate
        invoke-rc.d nginx rotate >/dev/null 2>&1
    endscript
}

What this does is to rotate and compress the nginx log files weekly and run the upload_logs.sh script.

Step 4 : Configure S3cmd

S3cmd describes itself as a free command-line tool and client for uploading, retrieving and managing data in Amazon S3 and other cloud storage service providers. You can install S3cmd by running the following commands;

sudo apt-get update && sudo apt-get install s3cmd

Because s3cmd is written in Python, a prerequisite is to install Python before installing s3cmd.

Confirm that S3cmd is installed by running s3cmd --version

Configure s3cmd by running the command 

s3cmd configure

When running the script for the first time, you would be requested to configure the AWS credentials using your AWS ACCESS KEY ID and SECRET KEY etc.

Step 5: Create a bash script

We will create a bash script that will run when we invoke the logrotate command. Ensure that you have created an S3 bucket before creating this script. Create a file upload_script.sh and copy the following code.

#!/bin/bash

sudo cp /var/log/test/*.gz /tmp/

s3cmd sync /var/log/test/*.gz s3://logrotate/logs/`date +%Y-%m-%dT%H:%M:%SZ`.log.gz/

The compressed logs will be uploaded to the logrotate bucket and tagged with the timestamp when the script was run.

Step 6: Run the logrotate command

Now, we can test the configuration by running the command

sudo logrotate /etc/logrotate.conf --verbose --force

Conclusion

Confirm that the logs were archived by checking your AWS S3 bucket.

If you liked this article, like, share and comment. Follow me on Twitter @devylawyer

AWSAmazon S3loggingBash