From 24b3e2d741a0e559be69d69dfb6a7760e06c3e36 Mon Sep 17 00:00:00 2001
From: seb
Date: Fri, 29 Apr 2016 21:14:35 +0200
Subject: [PATCH] added log rotation to ELK logs (see #38)
---
 Dockerfile | 10 ++++++++++
 docs/index.md | 2 ++
 elasticsearch-logrotate | 9 +++++++++
 kibana-logrotate | 9 +++++++++
 logstash-logrotate | 9 +++++++++
 5 files changed, 39 insertions(+)
 create mode 100644 elasticsearch-logrotate
 create mode 100644 kibana-logrotate
 create mode 100644 logstash-logrotate
diff --git a/Dockerfile b/Dockerfile
index f9ccc018..ab1e2e8b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -119,6 +119,16 @@ ADD ./nginx.pattern ${LOGSTASH_HOME}/patterns/nginx
 RUN chown -R logstash:logstash ${LOGSTASH_HOME}/patterns
+### configure logrotate
+
+ADD ./elasticsearch-logrotate /etc/logrotate.d/elasticsearch
+ADD ./logstash-logrotate /etc/logrotate.d/logstash
+ADD ./kibana-logrotate /etc/logrotate.d/kibana
+RUN chmod 644 /etc/logrotate.d/elasticsearch \
+ && chmod 644 /etc/logrotate.d/logstash \
+ && chmod 644 /etc/logrotate.d/kibana
+
+
 ###############################################################################
 # START
 ###############################################################################
diff --git a/docs/index.md b/docs/index.md
index 59596c4b..1209dd39 100644
--- a/docs/index.md
+++ b/docs/index.md
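Review bot: Nothing in the Dockerfile hunk installs the logrotate package or makes sure a cron daemon runs in the container, so the three files added under `/etc/logrotate.d` only take effect if the base image or the start script (neither visible here) already provides both; otherwise the logs keep growing until the volume fills. It is worth confirming this and recording it above the block, e.g. `# requires logrotate and a running cron daemon (expected from the base image)`. As a style point, `COPY` is the better instruction for plain local files, since `ADD` also unpacks archives and fetches URLs: `COPY ./elasticsearch-logrotate /etc/logrotate.d/elasticsearch`, and likewise for the other two. The `chmod 644` should stay, because logrotate skips configuration files that are writable by group or others.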
@@ -656,6 +656,8 @@ If this still seems to fail, then you should have a look at:
 - ELK's logs, by `docker exec`'ing into the running container (see [Creating a dummy log entry](#creating-dummy-log-entry)) and checking Logstash's logs (located in `/var/log/logstash`), Elasticsearch's logs (in `/var/log/elasticsearch`), and Kibana's logs (in `/var/log/kibana`).
+ Note that ELK's logs are rotated daily and are deleted after a week, using logrotate. You can change this behaviour by overwriting the `elasticsearch`, `logstash` and `kibana` files in `/etc/logrotate.d`.
+
 ## Reporting issues
 You can report issues with this image using [GitHub's issue tracker](https://github.com/spujadas/elk-docker/issues) (please avoid raising issues as comments on Docker Hub, if only for the fact that the notification system is broken at the time of writing so there's a fair chance that I won't see it for a while).
diff --git a/elasticsearch-logrotate b/elasticsearch-logrotate
new file mode 100644
index 00000000..716d731a
--- /dev/null
+++ b/elasticsearch-logrotate
@@ -0,0 +1,9 @@
+/var/log/elasticsearch/*.log {
+ daily
+ rotate 7
+ copytruncate
+ compress
+ delaycompress
+ missingok
+ notifempty
+}
diff --git a/kibana-logrotate b/kibana-logrotate
new file mode 100644
index 00000000..f398d7cc
--- /dev/null
+++ b/kibana-logrotate
@@ -0,0 +1,9 @@
+/var/log/kibana/kibana4.log {
+ daily
+ rotate 7
+ copytruncate
+ compress
+ delaycompress
+ missingok
+ notifempty
+}
diff --git a/logstash-logrotate b/logstash-logrotate
new file mode 100644
index 00000000..812d01e9
--- /dev/null
+++ b/logstash-logrotate
@@ -0,0 +1,9 @@
+/var/log/logstash/*.err /var/log/logstash/*.log /var/log/logstash/*.stdout {
+ daily
+ rotate 7
+ copytruncate
+ compress
+ delaycompress
+ missingok
+ notifempty
+}
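Review bot: `copytruncate` in `elasticsearch-logrotate` (and identically in `kibana-logrotate` and `logstash-logrotate`) copies the live file and then truncates it, so lines written between the two steps appear in neither the rotated copy nor the live log. If these logs may be needed in an investigation, that gap should at least be documented in each stanza, e.g. `# copytruncate: the service keeps the file open; a few lines can be lost at rotation time`. None of the three stanzas has a `su` directive, so rotation presumably runs as root inside directories owned by the service accounts (ownership is set outside this diff); adding `su <service-user> <service-group>`, for example `su logstash logstash` in the Logstash stanza, makes logrotate drop privileges for paths a service user controls. `daily` with `rotate 7` keeps one week of history, which is short if nothing ships these logs elsewhere.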