Log rotation
Definition
The scheduled process of closing the current log file, compressing it, renaming it with a date or sequence suffix, and opening a new file. On Linux systems, logrotate manages this. Rotation schedules define how long historical logs are retained locally, which directly affects how far back an investigation can reach without a centralised archive.
Related terms
- Binary log (database): A database engine's sequential record of all committed data modification statements, used primarily for replication and point-in-time recovery. In MySQL and MariaDB,...
- Combined Log Format: An extension of the Common Log Format used as the default by Apache HTTP Server and widely adopted by Nginx. Adds referrer...
- Indicator of Compromise (IoC): An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
- SIEM: Security Information and Event Management. A platform that ingests log streams from multiple sources, normalises them to a common schema, and applies...
- Syslog (RFC 5424): A standard protocol and message format for transmitting log data from Unix-like systems and network devices to a centralised collector. Each message...
Explained in
- Server and Application Log Analysis