Logrotate and Docker: Why and How?

Introduction

Logrotate is a powerful tool for log management in Linux, but its interaction with Docker has its own specifics. This guide explains how to properly use logrotate with Docker containers and when it’s better to rely on Docker’s built-in log management tools.

Docker Containers and Logs

Docker collects logs from the standard output streams (stdout and stderr) of containers and, by default, stores them as JSON files:

/var/lib/docker/containers/\<container\_id>/\<container\_id>-json.log

If a container generates a lot of logs, these files can take up gigabytes and quickly consume all available disk space.

Built-in Docker Tools

Docker has built-in mechanisms for limiting logs via log-opt parameters when starting a container (docker run) or in docker-compose.yml.

Key Parameters

• max-size — maximum log file size.
• max-file — number of log files to keep.

Example docker-compose.yml

version: '3'
services:
  my-service:
    image: my-service-image
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

This is the recommended way to manage logs in Docker — simple, safe, and officially supported.

Logrotate: Necessity and Advantages

Why use logrotate if Docker already has its own tools?

Answer: centralization and flexibility.

Advantages of logrotate

• 📌 Centralization — manage logs for all services (Docker, Nginx, PostgreSQL) in one place.
• 📌 Flexibility — supports compression, notifications, and running scripts after rotation.
• 📌 Compatibility — works even with legacy systems.
• 📌 Stability — prevents disk overflow.

Example Logrotate Configuration for Docker

Create a file /etc/logrotate.d/docker-containers:

/var/lib/docker/containers/*/*.log {
    rotate 7
    daily
    compress
    size 100M
    copytruncate
    su root root
}

Parameter Explanation

• rotate 7 — keep 7 archives.
• daily — rotate once per day.
• compress — compress old logs.
• size 100M — rotate when size reaches 100 MB.
• copytruncate — copy and truncate the file without restarting the container.
• su root root — run as root.

💡 Thanks to copytruncate, the container doesn’t need to be restarted — Docker will keep writing to the same file.

Docker log-opt or logrotate: What to Choose?

✅ Use Docker’s built-in options (max-size, max-file) if:

• All services run in containers.
• You need quick and reliable log growth control.
• It’s convenient to set parameters in docker-compose.yml.
• You want to use only supported Docker features.

✅ Use logrotate if:

• You have different services (containers + system daemons).
• logrotate is already configured and you want centralized management.
• You need advanced rotation scenarios.
• You’re working with legacy systems where built-in options are unavailable.

Best Practices

• For new projects: always start with Docker’s built-in settings.

• For production: you can combine both approaches:

  • Docker limits log growth (max-size, max-file).
  • Logrotate manages system logs and archives container logs.

Conclusion

• Docker’s built-in mechanisms are the first choice for log management.
• Logrotate remains a useful tool for centralization and flexibility.
• The optimal production approach: combine both methods.