$ Linux One Liners
Back to lessons

Hosting Operations

Find Logs Missing Logrotate Coverage

A log file can grow forever if no logrotate rule references it.

Command

find /var/log -type f -name '*.log' -printf '%p\n' | while read -r log; do grep -Rqs -- "$log" /etc/logrotate.conf /etc/logrotate.d || grep -Rqs -- "$(dirname "$log")/[*].log" /etc/logrotate.conf /etc/logrotate.d || printf '%s\n' "$log"; done

What changed

Nothing changes. The loop prints log files that are not directly referenced by logrotate config text.

Danger

safe

When to use it

Use during disk-growth triage or before onboarding a new app that writes its own logs.

When not to use it

Do not treat absence from this output as complete proof of coverage; wildcard patterns can require manual review.

Undo or recovery

No undo needed because the command is read-only.

Expected output

Paths to .log files that do not appear directly in logrotate configuration.

demo script

Disposable terminal steps

  1. find /var/log -type f -name '*.log' -printf '%p\n' | sort
  2. find /var/log -type f -name '*.log' -printf '%p\n' | while read -r log; do grep -Rqs -- "$log" /etc/logrotate.conf /etc/logrotate.d || grep -Rqs -- "$(dirname "$log")/[*].log" /etc/logrotate.conf /etc/logrotate.d || printf '%s\n' "$log"; done
Terminal transcript Demo JSON

simulated output

What it looks like

disposable vessel 
::fixture-ready::
$ find /var/log -type f -name '*.log' -printf '%p\n' | sort
/var/log/app/app.log
/var/log/app/debug.log
/var/log/nginx/access.log
/var/log/nginx/error.log
::exit-code::0
$ find /var/log -type f -name '*.log' -printf '%p\n' | while read -r log; do grep -Rqs -- "$log" /etc/logrotate.conf /etc/logrotate.d || grep -Rqs -- "$(dirname "$log")/[*].log" /etc/logrotate.conf /etc/logrotate.d || printf '%s\n' "$log"; done
/var/log/app/debug.log
::exit-code::0

YouTube Short

Find unmanaged logs.

If an app writes a log that logrotate never mentions, disk alerts are only a matter of time. List uncovered files first.

LinkedIn hook

The biggest log risk is often the file no policy mentions.

Question: How do you check that every app log has a rotation policy?

experiments

A/B tests to run

Metric: linkedin_comment_rate

A: The file no policy mentions is the risk.

B: Find logs missing logrotate coverage.