Kerberos logs rotate

One day, I found one of our Kerberos servers was out of space. I found Kerberos does not handle logs rotate by default. That’s why it ate a lot of space. So, here is the way to make Kerberos logs rotate.

Editing /etc/logrotate.d/krb5kdc file

# vi /etc/logrotate.d/krb5kdc
/var/log/krb5kdc.log {
    missingok
    notifempty
    create 0640 root root
    postrotate
        /etc/init.d/krb5kdc condrestart >/dev/null 2>&1 || true
    endscript
}

And editing /etc/logrotate.d/kadmin file

/var/log/kadmind.log {
    missingok
    notifempty
    create 0640 root root
    postrotate
        /etc/init.d/kadmin condrestart >/dev/null 2>&1 || true
    endscript
}

After you edited these two files, it will do the logs rotate by itself, weekly. If you would like to test logs rotate, you can use following command :

# logrotate -f -v /etc/logrotate.conf