Skip to main content

Tutorial: Set Up a Log File Rotation


Set up a rotation for Access Server log files and delete old files by following this tutorial.


This tutorial sets an allowable log file size and automates deleting old log files.

By default, Access Server archives a log file when it reaches about one megabyte. The number of log files grows endlessly until the disk is full. You can follow these steps to set up a log rotation.


When Access Server archives log files, it renames old files sequentially and creates a new log file, always named openvpnas.log. The old files are named openvpnas.log.1, openvpnas.log.2, and so on, with 1 being newer than the 2 file.

  • An installed Access Server.

  • Access to your server's console with root privileges.

To adjust the log file size before it's archived, change the setting in as.conf with the LOG_ROTATE_LENGTH parameter:

  1. Sign on to the console with root privileges.

  2. Open as.conf for editing in a text editor (such as nano):

    nano /usr/local/openvpn_as/etc/as.conf
  3. Add the following line at the bottom (the number represents bytes, and the default is around 1000000 bytes, about 1 megabyte):

  4. Save and exit by pressing Ctrl+x, then y.

  5. Restart the Access Server service:

    service openvpnas restart
    • Access Server writes to the current log file until it reaches your new, specified file size.

You can set up a cron job that periodically deletes old log files.

The number of files you choose to retain, times the file size of the log ration setting, determines how much log data you keep in total, ensuring you never exceed a certain number of bytes used for Access Server's log files.


You can also log to syslog, as explained in this tutorial, which should already have rotation rules set on it in the operating system that clean it up regularly:

Example cron job

Here's an example cron job for deleting old log files. Adjust the commands for your limits and execution time.

To set up a cron job that clears log files number .15 and higher at 4:00 a.m. each night:

  1. Sign in to the console with root privileges.

  2. Open the crontab file for the account you are signed in as:

    crontab -e
    • Select an editor when prompted when doing this for the first time.

  3. At the bottom of the crontab file, add these two lines:

    0 4 * * * /bin/rm /var/log/openvpnas.log.{15..1000} >/dev/null 2>&1
  4. Save and exit by pressing Ctrl+x, then y (if you use nano as your editor).

The script deletes files named /var/log/openvpnas.log.15 and greater every night. Your system keeps the main log file and 14 archived log files.