Find Log Files Older Than 7 Days: Essential Log Management Commands
Master the find command to locate and manage old log files. Learn essential log housekeeping techniques for maintaining clean and efficient Linux systems.
Know More Team
January 27, 2025
3 min read
LinuxLog ManagementFile OperationsSystem AdministrationFind Command
Find Log Files Older Than 7 Days: Essential Log Management Commands
Log files are the lifeblood of system monitoring and troubleshooting, but they can quickly consume disk space if not managed properly. In production environments, log files older than 7 days are often candidates for compression, archiving, or deletion. Knowing how to efficiently locate these files is a fundamental skill for any Linux system administrator or DevOps engineer.
Understanding Log File Management
Why Manage Old Log Files?
Log files serve different purposes at different stages of their lifecycle:
- Recent logs (0-7 days) - Active monitoring, real-time troubleshooting
- Older logs (7-30 days) - Historical analysis, compliance requirements
- Very old logs (30+ days) - Long-term archiving, space management
Proper log management is crucial for maintaining system performance, meeting compliance requirements, and ensuring adequate disk space for critical operations.
Common Log Locations
Linux systems store logs in various locations:
/var/log/- System and application logs/var/log/apache2/- Apache web server logs/var/log/nginx/- NGINX web server logs/var/log/mysql/- MySQL database logs/var/log/audit/- Security audit logs/var/log/journal/- Systemd journal logs
The Essential Find Command
Basic Command Structure
The find command is the most powerful tool for locating files based on various criteria:
find /var/log -type f -mtime +7
Command breakdown:
find- The Linux command to search for files/var/log- The target directory containing log files-type f- Limits search to files only (excludes directories)-mtime +7- Matches files modified more than 7 days ago
Understanding Time Modifiers
The -mtime option uses different modifiers to specify time ranges:
# Files older than 7 days
find /var/log -type f -mtime +7
# Files newer than 7 days
find /var/log -type f -mtime -7
# Files exactly 7 days old
find /var/log -type f -mtime 7
# Files between 7 and 30 days old
find /var/log -type f -mtime +7 -mtime -30
The `+7` means "more than 7 days ago", not "7 days or older". This is a common source of confusion.
Advanced Log File Operations
View File Details
To see more information about the files, including size and timestamps:
# List files with detailed information
find /var/log -type f -mtime +7 -exec ls -lh {} \;
# Alternative using -ls option
find /var/log -type f -mtime +7 -ls
# Show only file sizes and names
find /var/log -type f -mtime +7 -exec du -h {} \;
Filter by File Extension
Target specific types of log files:
# Find only .log files older than 7 days
find /var/log -type f -name "*.log" -mtime +7
# Find compressed log files
find /var/log -type f -name "*.gz" -mtime +7
# Find rotated log files
find /var/log -type f -name "*.log.*" -mtime +7
Count Files
Get a quick count of old log files:
# Count files older than 7 days
find /var/log -type f -mtime +7 | wc -l
# Count by file type
find /var/log -type f -name "*.log" -mtime +7 | wc -l
Practical Log Management Scenarios
Scenario 1: Log File Cleanup
# First, review what would be deleted
find /var/log -type f -mtime +7 -exec ls -lh {} \;
# Delete old log files (be careful!)
sudo find /var/log -type f -mtime +7 -delete
# Or move to archive directory
sudo find /var/log -type f -mtime +7 -exec mv {} /var/log/archive/ \;
Scenario 2: Log Compression
# Compress old log files
find /var/log -type f -name "*.log" -mtime +7 -exec gzip {} \;
# Compress with progress indication
find /var/log -type f -name "*.log" -mtime +7 -exec sh -c 'echo "Compressing $1" && gzip "$1"' _ {} \;
Scenario 3: Log Archiving
# Create archive directory
sudo mkdir -p /var/log/archive/$(date +%Y-%m)
# Move old logs to archive
sudo find /var/log -type f -mtime +7 -exec mv {} /var/log/archive/$(date +%Y-%m)/ \;
# Compress archived logs
sudo find /var/log/archive -type f -name "*.log" -exec gzip {} \;
Advanced Find Techniques
Multiple Directory Search
# Search multiple log directories
find /var/log /var/log/apache2 /var/log/nginx -type f -mtime +7
# Exclude certain directories
find /var/log -type f -mtime +7 -not -path "*/journal/*"
Size-Based Filtering
# Find large log files older than 7 days
find /var/log -type f -mtime +7 -size +100M
# Find small log files (might be safe to delete)
find /var/log -type f -mtime +7 -size -1M
Permission-Based Filtering
# Find files owned by specific user
find /var/log -type f -mtime +7 -user www-data
# Find files with specific permissions
find /var/log -type f -mtime +7 -perm 644
Automation and Scripting
Basic Cleanup Script
#!/bin/bash
# log_cleanup.sh
LOG_DIR="/var/log"
ARCHIVE_DIR="/var/log/archive"
DAYS_OLD=7
# Create archive directory if it doesn't exist
mkdir -p "$ARCHIVE_DIR"
# Find and archive old log files
find "$LOG_DIR" -type f -mtime +$DAYS_OLD -name "*.log" -exec mv {} "$ARCHIVE_DIR/" \;
# Compress archived files
find "$ARCHIVE_DIR" -type f -name "*.log" -exec gzip {} \;
echo "Log cleanup completed at $(date)"
Advanced Log Management Script
#!/bin/bash
# advanced_log_cleanup.sh
LOG_DIR="/var/log"
ARCHIVE_DIR="/var/log/archive"
COMPRESS_DAYS=7
DELETE_DAYS=30
# Function to log actions
log_action() {
echo "[$(date)] $1" >> /var/log/log_cleanup.log
}
# Create archive directory
mkdir -p "$ARCHIVE_DIR"
# Compress logs older than 7 days
log_action "Starting log compression for files older than $COMPRESS_DAYS days"
find "$LOG_DIR" -type f -name "*.log" -mtime +$COMPRESS_DAYS -not -name "*.gz" -exec gzip {} \; -exec log_action "Compressed: {}" \;
# Delete compressed logs older than 30 days
log_action "Starting deletion of compressed logs older than $DELETE_DAYS days"
find "$LOG_DIR" -type f -name "*.gz" -mtime +$DELETE_DAYS -exec rm -f {} \; -exec log_action "Deleted: {}" \;
# Clean up empty directories
find "$LOG_DIR" -type d -empty -delete
log_action "Log cleanup completed successfully"
Best Practices for Log Management
1. Always Preview Before Deleting
# Never delete without reviewing first
find /var/log -type f -mtime +7 -exec ls -lh {} \;
# Use dry-run mode in scripts
if [ "$1" = "--dry-run" ]; then
find /var/log -type f -mtime +7 -exec echo "Would delete: {}" \;
else
find /var/log -type f -mtime +7 -delete
fi
2. Implement Log Rotation
# Use logrotate for automatic log management
sudo nano /etc/logrotate.d/custom
# Example logrotate configuration
/var/log/myapp/*.log {
daily
rotate 7
compress
delaycompress
missingok
notifempty
create 644 www-data www-data
postrotate
systemctl reload myapp
endscript
}
3. Monitor Disk Usage
# Check disk usage of log directories
du -sh /var/log/*
# Set up alerts for high disk usage
df -h /var/log | awk 'NR==2 {if ($5 > 80) print "Warning: /var/log is " $5 " full"}'
4. Use Appropriate Retention Policies
# Different retention for different log types
# System logs: 30 days
find /var/log -name "syslog*" -mtime +30 -delete
# Application logs: 7 days
find /var/log -name "app*.log" -mtime +7 -delete
# Security logs: 90 days
find /var/log -name "auth*" -mtime +90 -delete
Common Pitfalls and Solutions
Pitfall 1: Accidentally Deleting Active Logs
Problem: Deleting log files that applications are actively writing to Solution: Always check if files are in use before deleting
# Check if file is open
lsof /var/log/important.log
# Use truncate instead of delete for active logs
sudo truncate -s 0 /var/log/active.log
Pitfall 2: Not Considering Log Rotation
Problem: Manual cleanup interfering with logrotate Solution: Coordinate with existing log rotation policies
# Check logrotate configuration
sudo logrotate -d /etc/logrotate.conf
# Test logrotate
sudo logrotate -f /etc/logrotate.d/nginx
Pitfall 3: Insufficient Disk Space
Problem: Log cleanup not freeing enough space Solution: Implement more aggressive cleanup strategies
# Find largest files first
find /var/log -type f -exec du -h {} + | sort -hr | head -20
# Compress before deleting
find /var/log -type f -mtime +3 -exec gzip {} \;
Conclusion
Managing log files older than 7 days is a critical task for maintaining healthy Linux systems. The find command with -mtime +7 is your primary tool for this task, but understanding the broader context of log management is equally important.
Key takeaways:
- Always preview before deleting - Use
ls -lhto see what you're about to remove - Implement proper retention policies - Different logs need different retention periods
- Use automation wisely - Script your cleanup but always include safety checks
- Coordinate with log rotation - Don't interfere with existing logrotate configurations
- Monitor disk usage - Set up alerts to prevent disk space issues
Remember: Log management is not just about freeing disk space—it's about maintaining a balance between system performance, compliance requirements, and operational needs.
Related Topics
Table of Contents
Navigate the scroll
Reading Progress