A system administrator wants to configure log rotation to compress log files daily and keep 30 days of logs. Which of the following configurations achieves this goal?
This is the correct logrotate syntax for daily rotation, 30 rotations, and compression.
Why this answer
Option B is correct because logrotate is the standard Linux utility for log rotation, compression, and retention. The configuration directive 'daily rotate 30 compress' in a file under /etc/logrotate.d/ instructs logrotate to rotate logs daily, keep 30 rotated copies, and compress old logs with gzip. This directly meets the requirement of daily compression and 30-day retention.
Exam trap
The trap here is that candidates may confuse logrotate's 'rotate' count with a time-based retention period, or assume that rsyslog or a simple cron+gzip approach can handle rotation and retention, when in fact logrotate is the dedicated tool that manages both rotation and compression with precise control over file naming and retention limits.
How to eliminate wrong answers
Option A is wrong because /etc/rsyslog.conf is the configuration file for rsyslog, the system logging daemon, and it does not have a 'maxlogsize' parameter for log rotation; log rotation is handled by logrotate, not rsyslog. Option C is wrong because a cron job running 'gzip /var/log/mylog.*' would compress all matching files daily but would not perform rotation (renaming the active log) or enforce a retention limit of 30 days, leading to uncontrolled accumulation of compressed files. Option D is wrong because editing /etc/logrotate.conf to set 'rotate 30 weekly' would keep 30 weeks of logs, not 30 days, and the 'weekly' directive contradicts the requirement for daily rotation.