Find logs that are growing without rotation.
Every developer has a mystery multi-GB .log somewhere. You find it when df screams or when a service slows down mysteriously. logoil walks your log-heavy directories, cross-references every logrotate config it can find, and tells you which files are large, recent, and unmanaged — the ones most likely to eat your disk next.
Single file, stdlib only:
curl -o /usr/local/bin/logoil https://raw.githubusercontent.com/kithfoss/logoil/main/logoil.py
chmod +x /usr/local/bin/logoil# Scan default roots (/var/log, ~/.openclaw, ~/.cache, ~/.local/share)
logoil
# Scan specific paths
logoil /var/log ~/projects/server
# Only report unmanaged files (the actual leaks)
logoil --only-leaks
# Print logrotate snippets for each leak
logoil --only-leaks --suggest-config
# JSON output
logoil --jsonExample output:
scanned 4 root(s), 27 logrotate entry(ies).
3 leak candidate(s), 12 managed log(s)
LEAK 128.4 MB /home/you/app/logs/app.log
└─ suggested:
/home/you/app/logs/app.log {
size 10M
rotate 5
compress
...
}
LEAK 14.2 MB /home/you/.cache/thing/debug.log
ok 4.1 MB /var/log/syslog
└─ managed by /etc/logrotate.d/rsyslog
| Flag | What |
|---|---|
--logrotate-dir PATH |
Extra logrotate config dir/file (repeatable) |
--min-size-mb N |
Only report files ≥ N MB (default 1.0) |
--max-age-days N |
Ignore files dormant more than N days (default 30) |
--only-leaks |
Report only unmanaged files |
--suggest-config |
Emit a ready-to-drop logrotate snippet per leak |
--json |
JSON output |
logoil parses everything it can find under /etc/logrotate.conf, /etc/logrotate.d/, ~/.config/logrotate.d/, plus any --logrotate-dir you pass. It follows include directives one level. For each log file, it checks:
- Exact path match in a stanza header, OR
- Glob match (the stanza uses
/var/log/*.logand your file is/var/log/nginx.log)
It does NOT try to infer rotation from systemd's SystemMaxUse / SystemMaxFiles for journald — journald rotation is separate and generally works fine.
Because you should be able to drop this on any machine and run it. No venv, no pip, no surprises. This is a "one Python script you can audit in 5 minutes" kind of tool.
MIT.