Skip to content

kithfoss/logoil

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 

Repository files navigation

logoil

Find logs that are growing without rotation.

Every developer has a mystery multi-GB .log somewhere. You find it when df screams or when a service slows down mysteriously. logoil walks your log-heavy directories, cross-references every logrotate config it can find, and tells you which files are large, recent, and unmanaged — the ones most likely to eat your disk next.

Install

Single file, stdlib only:

curl -o /usr/local/bin/logoil https://raw.githubusercontent.com/kithfoss/logoil/main/logoil.py
chmod +x /usr/local/bin/logoil

Usage

# Scan default roots (/var/log, ~/.openclaw, ~/.cache, ~/.local/share)
logoil

# Scan specific paths
logoil /var/log ~/projects/server

# Only report unmanaged files (the actual leaks)
logoil --only-leaks

# Print logrotate snippets for each leak
logoil --only-leaks --suggest-config

# JSON output
logoil --json

Example output:

scanned 4 root(s), 27 logrotate entry(ies).
  3 leak candidate(s), 12 managed log(s)

  LEAK   128.4 MB   /home/you/app/logs/app.log
          └─ suggested:
             /home/you/app/logs/app.log {
                 size 10M
                 rotate 5
                 compress
                 ...
             }
  LEAK    14.2 MB   /home/you/.cache/thing/debug.log
  ok       4.1 MB   /var/log/syslog
          └─ managed by /etc/logrotate.d/rsyslog

Options

Flag What
--logrotate-dir PATH Extra logrotate config dir/file (repeatable)
--min-size-mb N Only report files ≥ N MB (default 1.0)
--max-age-days N Ignore files dormant more than N days (default 30)
--only-leaks Report only unmanaged files
--suggest-config Emit a ready-to-drop logrotate snippet per leak
--json JSON output

How it decides "managed"

logoil parses everything it can find under /etc/logrotate.conf, /etc/logrotate.d/, ~/.config/logrotate.d/, plus any --logrotate-dir you pass. It follows include directives one level. For each log file, it checks:

  • Exact path match in a stanza header, OR
  • Glob match (the stanza uses /var/log/*.log and your file is /var/log/nginx.log)

It does NOT try to infer rotation from systemd's SystemMaxUse / SystemMaxFiles for journald — journald rotation is separate and generally works fine.

Why stdlib only

Because you should be able to drop this on any machine and run it. No venv, no pip, no surprises. This is a "one Python script you can audit in 5 minutes" kind of tool.

License

MIT.

About

Find logs that are growing without rotation. Scans a directory, cross-references every logrotate config, flags leak candidates.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages