Linux Log Files
debt(d7/e3/b5/t7)
Closest to 'only careful code review or runtime testing' (d7). The detection_hints list logrotate, datadog, and prometheus-node-exporter — none of these catch missing logrotate config at write time; disk-fill is only visible via monitoring alerts or when the disk actually fills. A missing postrotate signal continues silently writing to renamed files in production, invisible until log data is lost or disk fills.
Closest to 'simple parameterised fix (replace pattern with safer alternative)' (e3). The quick_fix describes configuring logrotate for application log files — this is a small, targeted config file change per application, not a single-line patch but not a multi-file refactor. Each misconfigured log path needs its own logrotate stanza and possibly a postrotate signal, making it a modest parameterised fix across a handful of config files.
Closest to 'persistent productivity tax' (b5). The applies_to covers both web and cli contexts, meaning any PHP application or service needs explicit log rotation config. Forgetting it on any new application or log path restarts the problem. Every deployment, new service, or new log file path requires the developer to remember the rotation concern — a persistent but not system-defining tax.
Closest to 'serious trap (contradicts how a similar concept works elsewhere)' (t7). The misconception explicitly states that developers assume application logs are automatically rotated — this is the canonical wrong belief. Developers familiar with managed platforms (Heroku, cloud logging services) or with system logs that happen to have rotation pre-configured will confidently assume the same applies to their PHP error logs and nginx access logs, leading to silent unbounded growth and eventual server crashes.
Also Known As
TL;DR
Explanation
Key log locations: /var/log/syslog or /var/log/messages (system events), /var/log/auth.log (authentication), /var/log/nginx/ (web server), /var/log/php/ (PHP errors), /var/log/mysql/ (database). journald stores logs in binary format — use journalctl to query. logrotate manages log rotation: compresses old logs, deletes aged logs, and signals services to reopen log files. Essential commands: tail -f (live follow), grep -i error, awk for field extraction, zcat/zgrep for compressed rotated logs.
Common Misconception
Why It Matters
Common Mistakes
- PHP error_log pointing to a file without logrotate config — grows to gigabytes over months.
- Not configuring postrotate in logrotate to signal PHP-FPM to reopen logs — continues writing to the renamed file.
- Grepping uncompressed current log instead of all rotated logs — misses historical events.
- Not knowing journalctl --since 'yesterday' for time-filtered system logs.
Code Examples
# No logrotate for PHP app — log grows unbounded:
; php.ini:
error_log = /var/log/php/app.log
; 6 months later: app.log = 47GB
; Server disk: 100% full
; All services crash# /etc/logrotate.d/php-app:
/var/log/php/app.log {
daily
rotate 14 # Keep 14 days
compress # gzip old logs
delaycompress # Keep yesterday uncompressed for tail
missingok
notifempty
create 0640 www-data adm
postrotate
# Signal PHP-FPM to reopen log file:
/bin/kill -USR1 $(cat /run/php-fpm.pid 2>/dev/null) 2>/dev/null || true
endscript
}
# Query recent errors:
journalctl -u php-fpm --since '1 hour ago' | grep -i error
grep -r 'Fatal error' /var/log/php/