Debian 9 – Is ‘find /var/log -type f -delete’ Safe?

debianfindlogsrm

I never view or care about files in /var/log/ and want to avoid logrotate wasting my system resources (CPU, RAM, I/O, etc.). Are any regular files in /var/log/ necessary for some core Debian program (e.g. apt, aptitude, etc.) to work?

If you delete everything in /var/log, you will most likely end up with tons of error messages in very little time, since there are folders in there which are expected to exist (e.g. exim4, apache2, apt, cups, mysql, samba and more)

Best Answer

I’ll start by saying I don’t think doing away with logs is a good idea, but it’s your system and you’re free to do what you want on it.

Logs aren’t supposed to be relied upon by programs, and in fact they might not even be accessible — it is possible to configure logging such that logs go to a remote system. So it’s safe to delete log files, you won’t lose functionality as a result (beyond no longer being able to see what happens on your system after the fact, of course).

There are however a couple of files in /var/log which are read by certain programs, and aren’t quite log files: on Debian, /var/log/btmp and /var/log/wtmp, which log user logins and logouts. If you don’t care about the last program, and its relatives, then you can delete those files too.

Ideally you should configure your programs to not log to disk at all; in most cases, that involves configuring your system logger (syslog, rsyslog, systemd, etc.). Note too that deleting logs won’t recover the underlying disk space if the log files are open elsewhere (e.g. being written to by a long-running process); if you disable logrotate the logs will never be restarted and they are liable to grow indefinitely, despite there being no corresponding file visible on disk.

Related Question