How to quickly trim a log in Linux – Maybe?

To cut to the chase: This worked best for me in a pinch:

tail -n 100 /var/log/logfile > tempfile
cat tempfile > /var/log/logfile
rm -f tempfile

… and then restart the process that’s doing the logging.

If you want to read my long winded journey to that solution, I’ve preserved it in the rest of this post.

So I had to post what felt like a totally ridiculous question this morning. I’d turned to google and didn’t find anything simple. And alas, while I feel fairly comfortable in linux, I only know what I know… and sometimes what I know most is that I don’t know nearly enough.

The problem: my exim_mainlog had exploded and I wanted to trim the bazillion lines of garbage, leaving just the last few intact. And I had to do it quick because this log file was taking up way too much of the limited space on this server, and it kept growing while I was trying to patch up the problem.

I thought tail -n 100 /var/log/exim_mainlog > /var/log/exim_mainlog would work, but instead that left me with an empty log. So I could export to a new file, delete the old, move new to old, reset permissions and ownership and, yadah yadah… but that was too complicated when I had to work quickly, and I didn’t have a minute even to write a shell script to take care of it for me. This is what ended up working best. All one line now so it was easy to rerun:

tail -n 100 /var/log/exim_mainlog > tempfile; cat tempfile > /var/log/exim_mainlog; rm -f tempfile

And then restart exim (or whatever daemon is doing the logging) for good measure.. thanks Bryan 🙂

Obviously if you’re working with a different log file, change the name and path. If you don’t want 100 lines saved, change 100 to some other number. And if you’re working with a lifo, use head instead of tail. Maybe not the best answer, but it worked in a pinch, without having to install any trimming programs or create new scripts. If that’s what you’re looking for, I hope it helps you, too.

And if you know of an easier/better way to do this — or if there’s a problem with this method — holler 🙂