Managing log files that accumulate over time is a common challenge for system administrators. While these files need to be preserved for compliance or troubleshooting, they can quickly consume disk space. The ideal solution is to archive older logs rather than deleting them.
The approach using find with -mtime is fundamentally correct for this task. Let's examine why:
find /sourcedirectory -mtime 365 -exec mv "{}" /destination/directory/ \;
This command has three key components:
- /sourcedirectory: The root path where the search begins
- -mtime 365: Matches files modified exactly 365 days ago
- -exec mv: Moves each found file to the destination
While the basic command works, these refinements will make it more robust:
find /var/log/app/ -type f -mtime +364 -exec mv -v "{}" /archive/logs/ \;
Key improvements:
- -type f ensures we only move files (not directories)
- +364 matches files older than 364 days (more precise than 365)
- -v flag makes mv verbose for logging purposes
For better performance with large numbers of files:
find /var/log/ -type f -name "*.log" -mtime +364 -print0 | xargs -0 -r mv -t /archive/logs
Benefits:
- -print0 and -0 handle filenames with spaces correctly
- Single mv operation for all files (more efficient)
- Filters by extension with -name "*.log"
Always test first with these commands:
# Dry run to see what would be moved
find /var/log/ -type f -mtime +364 -exec echo mv "{}" /archive/logs \;
# Count files that would be affected
find /var/log/ -type f -mtime +364 | wc -l
For regular maintenance, add to crontab:
0 3 * * * find /var/log/ -type f -mtime +364 -exec mv "{}" /archive/logs \;
This runs daily at 3 AM. Consider adding logging:
0 3 * * * find /var/log/ -type f -mtime +364 -exec mv -v "{}" /archive/logs \; >> /var/log/archive.log 2>&1
For complex scenarios:
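# Move and compress simultaneously
# (the file name is passed to sh as $1 instead of being spliced into the script text)
find /var/log/ -type f -mtime +364 -exec sh -c 'mv -- "$1" /archive/logs/ && gzip -- "/archive/logs/$(basename -- "$1")"' sh {} \;
# Preserve directory structure
find /var/log/ -type f -mtime +364 -exec sh -c 'mkdir -p -- "/archive/$(dirname -- "$1")" && mv -- "$1" "/archive/$1"' sh {} \;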
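The move, compress and preserve-structure steps above, combined into one reusable function (an added example, not part of the original article). The name archive_old_logs and its arguments are assumptions made here; file names reach the inner shell as positional parameters rather than as script text, so spaces, quotes or `$` in a name are handled as data.

```sh
# archive_old_logs SRC DEST [DAYS]   (hypothetical helper, POSIX sh)
# Moves regular files under SRC whose mtime matches -mtime +DAYS into DEST,
# keeping their path relative to SRC, gzips them, and prints each archived
# relative path. Example: archive_old_logs /var/log/app /archive/logs 364
archive_old_logs() (
    src=$1 dest=$2 days=${3:-364}
    [ -d "$src" ] || { echo "not a directory: $src" >&2; exit 2; }
    mkdir -p -- "$dest" || exit 2
    # Make DEST absolute because we change into SRC below.
    dest=$(cd -- "$dest" && pwd) || exit 2
    cd -- "$src" || exit 2
    # -xdev stays on SRC's filesystem; "{} +" batches many names per sh call.
    # DEST and the file names are arguments ($1, $2...), never script text.
    find . -xdev -type f -mtime +"$days" -exec sh -c '
        dest=$1; shift
        for f in "$@"; do
            rel=${f#./}
            target=$dest/$rel
            # Never overwrite something that was archived earlier.
            if [ -e "$target" ] || [ -e "$target.gz" ]; then
                echo "skip, already archived: $rel" >&2
                continue
            fi
            mkdir -p -- "$(dirname -- "$target")" &&
            mv -- "$f" "$target" &&
            gzip -- "$target" &&
            printf "%s\n" "$rel"
        done
    ' sh "$dest" {} +
)
```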
When your log partition is nearing capacity but you need to retain historical logs for compliance or debugging purposes, moving older files to secondary storage is a common solution. The challenge is automating this process while precisely targeting files by their age.
The find command with -mtime is indeed the right approach for this task. Your proposed solution:
find /sourcedirectory -mtime 365 -exec mv "{}" /destination/directory/ \;
Will work, but let's examine the details and alternatives:
The -mtime 365 parameter means:
- 365 = exactly 365 days old
- +365 = older than 365 days
- -365 = newer than 365 days
For your requirement (files older than 1 year), you should actually use:
find /sourcedirectory -mtime +365 -exec mv {} /destination/directory/ \;
For more complex scenarios, consider these variations:
# Move files older than 1 year with confirmation
find /var/log -mtime +365 -ok mv {} /archive/logs/ \;
# Move files modified before specific date (YYYY-MM-DD)
find /sourcedir -not -newermt "2022-01-01" -exec mv {} /destdir/ \;
# Move with progress display using rsync
find /source -type f -mtime +365 -print0 | xargs -0 -r sh -c 'rsync -avh --remove-source-files --progress "$@" /dest/' sh
Important considerations:
- Ensure destination directory exists: mkdir -p /destination/directory
- Preserve permissions: Use -exec cp -a {} /dest/ \; -exec rm {} \; (the second -exec runs only if the copy succeeded)
- Test first with -ls instead of -exec
- Consider filesystem boundaries when moving between partitions
For regular maintenance, create a cron job:
# Add to crontab -e
0 3 * * * /usr/bin/find /var/log/app -type f -mtime +365 -exec mv {} /archive/logs/ \;
For directories with millions of files:
- Use -maxdepth 1 to prevent deep recursion
- Consider -xdev to stay on one filesystem
- Parallel processing with xargs -P for large moves