How to Move Files Older Than 1 Year in Linux Using find and mv Commands

Managing log files that accumulate over time is a common challenge for system administrators. While these files need to be preserved for compliance or troubleshooting, they can quickly consume disk space. The ideal solution is to archive older logs rather than deleting them.

The approach using find with -mtime is fundamentally correct for this task. Let's examine why:

find /sourcedirectory -mtime 365 -exec mv "{}" /destination/directory/ \;

This command has three key components:

/sourcedirectory: The root path where the search begins
-mtime 365: Matches files modified exactly 365 days ago
-exec mv: Moves each found file to the destination

While the basic command works, these refinements will make it more robust:

find /var/log/app/ -type f -mtime +364 -exec mv -v "{}" /archive/logs/ \;

Key improvements:

-type f ensures we only move files (not directories)

+364 matches files older than 364 days (more precise than 365)

-v flag makes mv verbose for logging purposes

For better performance with large numbers of files:

find /var/log/ -name "*.log" -mtime +364 -print0 | xargs -0 mv -t /archive/logs

Benefits:

-print0 and -0 handle filenames with spaces correctly

Single mv operation for all files (more efficient)

Filters by extension with -name "*.log"

Always test first with these commands:

# Dry run to see what would be moved find /var/log/ -mtime +364 -exec echo mv "{}" /archive/logs \; # Count files that would be affected find /var/log/ -mtime +364 | wc -l

For regular maintenance, add to crontab:

0 3 * * * find /var/log/ -mtime +364 -exec mv "{}" /archive/logs \;

This runs daily at 3 AM. Consider adding logging:

0 3 * * * find /var/log/ -mtime +364 -exec mv "{}" /archive/logs \; >> /var/log/archive.log 2>&1

For complex scenarios:

# Move and compress simultaneously find /var/log/ -mtime +364 -exec sh -c 'mv "{}" /archive/logs && gzip /archive/logs/$(basename "{}")' \; # Preserve directory structure find /var/log/ -mtime +364 -exec sh -c 'mkdir -p /archive/$(dirname "{}") && mv "{}" "/archive/{}"' \;

When your log partition is nearing capacity but you need to retain historical logs for compliance or debugging purposes, moving older files to secondary storage is a common solution. The challenge is automating this process while precisely targeting files by their age.

The find command with -mtime is indeed the right approach for this task. Your proposed solution:

find /sourcedirectory -mtime 365 -exec mv \"{}\" /destination/directory/ \\;

Will work, but let's examine the details and alternatives:

The -mtime 365 parameter means:

365 = exactly 365 days old

+365 = older than 365 days

-365 = newer than 365 days

For your requirement (files older than 1 year), you should actually use:

find /sourcedirectory -mtime +365 -exec mv {} /destination/directory/ \\;

For more complex scenarios, consider these variations:

# Move files older than 1 year with confirmation find /var/log -mtime +365 -ok mv {} /archive/logs/ \\; # Move files modified before specific date (YYYY-MM-DD) find /sourcedir -not -newermt "2022-01-01" -exec mv {} /destdir/ \\; # Move with progress display using rsync find /source -mtime +365 -print0 | xargs -0 rsync -avh --remove-source-files --progress /dest/

Important considerations:

Ensure destination directory exists: mkdir -p /destination/directory

Preserve permissions: Add -exec cp -a {} /dest/ \\; && rm {}

Test first with -ls instead of -exec

Consider filesystem boundaries when moving between partitions

For regular maintenance, create a cron job:

# Add to crontab -e 0 3 * * * /usr/bin/find /var/log/app -mtime +365 -exec mv {} /archive/logs/ \\;

For directories with millions of files:

Use -maxdepth 1 to prevent deep recursion

Consider -xdev to stay on one filesystem

Parallel processing with xargs -P for large moves