mv /path/to/log.log /path/to/log.log.1
Do this for your access, errors, and if you really do it on prod, you rewrite the logs. This does not affect Apache on * nix since the file is open. Then restart Apache. Yes, I know that I said that it reboots, but it usually takes a second or so, so I doubt if anyone will notice - or blame her for the network. Restartable Apache will start with a new set of log files.
From the point of view of your current logs, IMO you need to keep at least the last 3 months of error logs and 1 month of access logs, but look at your volumetrics to decide your crude weekly volumes for error and access logs. Do not truncate old files. If necessary, make a nice tail to get to gzip -c
from them to the archives. If you want to split the use of a loop using tail | head | gzip using the --bytes=nnG
. Well, you split on an odd line, but better than deleting the lot, as you suggest.
Of course, you can simply delete the lot, like you and others, but what are you going to do if you understand that the site has been hacked recently? "Sorry: too late, I deleted the evidence!"
Then, for the sake of good, implement the logrotate mode.
source share