Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

[Software] logrotate.conf ignoring older log files?

If none of the specific sub-forums seem right for your thread, ask here.
Post Reply
Message
Author
postcd
Posts: 133
Joined: 2022-01-08 18:33
Has thanked: 48 times
Been thanked: 2 times

[Software] logrotate.conf ignoring older log files?

#1 Post by postcd »

Hello,

following output shows that logrotate not dealed with older log files, please why and how to fix it?

Debian 11, 5.10.0-18-amd64

$ grep -v "#" /etc/logrotate.conf|grep .

Code: Select all

hourly
rotate 1
shred
dateext
compress
lastaction
find /var/log -type f -mtime +1 -delete
endscript
$ ls -lht /var/log

Code: Select all

total 110M
-rw-r-----  1 root    adm             338K Feb  7 08:17 auth.log
-rw-r-----  1 root    adm              39M Feb  7 08:01 daemon.log
-rw-r-----  1 root    adm              71M Feb  7 08:01 syslog
drwx------  2 root    root            4.0K Feb  7 03:38 letsencrypt
-rw-r-----  1 root    adm             196K Feb  5 00:06 messages
-rw-r-----  1 root    adm             4.9K Feb  5 00:06 user.log
-rw-rw-r--  1 root    utmp            286K Feb  4 08:54 lastlog
-rw-rw-r--  1 root    utmp             48K Feb  4 08:54 wtmp
-rw-r--r--  1 root    root             56K Feb  1 05:37 dpkg.log
-rw-r--r--  1 root    root            5.9K Feb  1 05:35 alternatives.log
drwxr-xr-x  2 root    root            4.0K Feb  1 05:35 apt
-rw-r-----  1 root    adm             2.4K Jan 23 15:23 debug
-rw-r-----  1 root    adm             190K Jan 23 15:23 kern.log
drwxr-x---  2 root    adm             4.0K Dec  6 05:55 unattended-upgrades
drwxr-xr-x  2 root    adm             4.0K Oct 31 18:33 nginx
drwxr-x---  2 _chrony _chrony         4.0K Sep 20 11:01 chrony
drwx------  2 root    root            4.0K Sep 20 11:01 private
drwxr-sr-x+ 3 root    systemd-journal 4.0K Sep 20 11:01 journal
drwxr-xr-x  3 root    root            4.0K Jul 11  2022 runit
drwxr-xr-x  2 root    root            4.0K May 14  2021 openvpn
$ systemctl status logrotate

Code: Select all

● logrotate.service - Rotate log files
     Loaded: loaded (/lib/systemd/system/logrotate.service; static)
     Active: inactive (dead) since Tue 2023-02-07 00:00:01 CET; 8h ago
TriggeredBy: ● logrotate.timer
       Docs: man:logrotate(8)
             man:logrotate.conf(5)
    Process: 575041 ExecStart=/usr/sbin/logrotate /etc/logrotate.conf (code=exited, status=0/SUCCESS)
   Main PID: 575041 (code=exited, status=0/SUCCESS)
        CPU: 33ms
$ sudo journalctl -u logrotate|tail

Code: Select all

Feb 04 00:00:02 host systemd[1]: Finished Rotate log files.
Feb 05 00:00:01 host systemd[1]: Starting Rotate log files...
Feb 05 00:00:01 host systemd[1]: logrotate.service: Succeeded.
Feb 05 00:00:01 host systemd[1]: Finished Rotate log files.

Feb 06 00:00:00 host systemd[1]: Starting Rotate log files...
Feb 06 00:00:00 host systemd[1]: logrotate.service: Succeeded.
Feb 06 00:00:00 host systemd[1]: Finished Rotate log files.

Feb 07 00:00:01 host systemd[1]: Starting Rotate log files...
Feb 07 00:00:01 host systemd[1]: logrotate.service: Succeeded.
Feb 07 00:00:01 host systemd[1]: Finished Rotate log files.

I have commented out "*.* stop" line in /etc/rsyslog.conf to hopefully enable system logging to tell me why it is not removing older log files as per the "ls" output above and ran "sudo systemctl restart rsyslog"

User avatar
artytux
Posts: 77
Joined: 2022-10-20 09:00
Has thanked: 18 times
Been thanked: 14 times

Re: [Software] logrotate.conf ignoring older log files?

#2 Post by artytux »

Are you running out of room Mb/Gb on your system being choked up with too much in the logs

reinob
Posts: 1189
Joined: 2014-06-30 11:42
Has thanked: 97 times
Been thanked: 47 times

Re: [Software] logrotate.conf ignoring older log files?

#3 Post by reinob »

I've never seen a line like "find /var/log -type f -mtime +1 -delete" in a logrotate.conf.

You can have things like

Code: Select all

/var/log/* {
 maxage 1
}
but at least I cannot seem to find "find" in the manual.

postcd
Posts: 133
Joined: 2022-01-08 18:33
Has thanked: 48 times
Been thanked: 2 times

Re: [Software] logrotate.conf ignoring older log files?

#4 Post by postcd »

Yes, I need to free up some space. Issue remains..

Adding:
/var/log/* {
maxage 1
}
to logrotate.conf and running "sudo logrotate /etc/logrotate.conf" not caused removal of older logs (files modified before more than 12 months), for example:
-rw-r--r-- 1 root root 113K Jan 28 2022 dpkg.log.9.gz

reinob
Posts: 1189
Joined: 2014-06-30 11:42
Has thanked: 97 times
Been thanked: 47 times

Re: [Software] logrotate.conf ignoring older log files?

#5 Post by reinob »

dpkg has its own logrotate config (/etc/logrotate.d/dpkg), so check/modify there.

keep also in mind that maxage means "Remove rotated logs older than <count> days. The age is only checked if the logfile is to be rotated." so check if this should apply in your case (showing a random lod rotated logfile doesn't help).

postcd
Posts: 133
Joined: 2022-01-08 18:33
Has thanked: 48 times
Been thanked: 2 times

Re: [Software] logrotate.conf ignoring older log files?

#6 Post by postcd »

reinob wrote: 2023-04-28 17:20dpkg has its own logrotate config .... age is only checked if the logfile is to be rotated
That dpkg rotate conf. indeed had less frequent rotation (monthly, rotate 12)
I guess that the old log files (which i want to get rid of) does not qualify to be rotated (for some reason) or mine shown logrotate.conf missing something - though it suggest that i want to set some "global" rule which would override any other logrotate file rules, meaning like no /var/log/ file should be kept for more than 6 months no matter if i added the file manually with custom name, it should be removed by log rotate. But how to do it, considering my logrotate.conf shown in 1st post is not working.

User avatar
fabien
Forum Helper
Forum Helper
Posts: 621
Joined: 2019-12-03 12:51
Location: Anarres (Toulouse, France actually)
Has thanked: 60 times
Been thanked: 146 times

Re: [Software] logrotate.conf ignoring older log files?

#7 Post by fabien »

These are my configuration files. I haven't played with them, it's the original Debian configuration. You can compare with yours.

Code: Select all

$> grep -v "^#\|^ *$" /etc/logrotate.conf
weekly
rotate 4
create
include /etc/logrotate.d

$> grep -v "^#\|^ *$" /etc/logrotate.d/*
/etc/logrotate.d/alternatives:/var/log/alternatives.log {
/etc/logrotate.d/alternatives:	monthly
/etc/logrotate.d/alternatives:	rotate 12
/etc/logrotate.d/alternatives:	compress
/etc/logrotate.d/alternatives:	delaycompress
/etc/logrotate.d/alternatives:	missingok
/etc/logrotate.d/alternatives:	notifempty
/etc/logrotate.d/alternatives:	create 644 root root
/etc/logrotate.d/alternatives:}
/etc/logrotate.d/apt:/var/log/apt/term.log {
/etc/logrotate.d/apt:  rotate 12
/etc/logrotate.d/apt:  monthly
/etc/logrotate.d/apt:  compress
/etc/logrotate.d/apt:  missingok
/etc/logrotate.d/apt:  notifempty
/etc/logrotate.d/apt:}
/etc/logrotate.d/apt:/var/log/apt/history.log {
/etc/logrotate.d/apt:  rotate 12
/etc/logrotate.d/apt:  monthly
/etc/logrotate.d/apt:  compress
/etc/logrotate.d/apt:  missingok
/etc/logrotate.d/apt:  notifempty
/etc/logrotate.d/apt:}
/etc/logrotate.d/aptitude:/var/log/aptitude {
/etc/logrotate.d/aptitude:  rotate 6
/etc/logrotate.d/aptitude:  monthly
/etc/logrotate.d/aptitude:  compress
/etc/logrotate.d/aptitude:  missingok
/etc/logrotate.d/aptitude:  notifempty
/etc/logrotate.d/aptitude:}
/etc/logrotate.d/btmp:/var/log/btmp {
/etc/logrotate.d/btmp:    missingok
/etc/logrotate.d/btmp:    monthly
/etc/logrotate.d/btmp:    create 0660 root utmp
/etc/logrotate.d/btmp:    rotate 1
/etc/logrotate.d/btmp:}
/etc/logrotate.d/cups-daemon:/var/log/cups/*log {
/etc/logrotate.d/cups-daemon:	daily
/etc/logrotate.d/cups-daemon:	missingok
/etc/logrotate.d/cups-daemon:	rotate 7
/etc/logrotate.d/cups-daemon:	sharedscripts
/etc/logrotate.d/cups-daemon:	postrotate
/etc/logrotate.d/cups-daemon:		invoke-rc.d --quiet cups restart > /dev/null
/etc/logrotate.d/cups-daemon:	endscript
/etc/logrotate.d/cups-daemon:	compress
/etc/logrotate.d/cups-daemon:	delaycompress
/etc/logrotate.d/cups-daemon:	notifempty
/etc/logrotate.d/cups-daemon:	create
/etc/logrotate.d/cups-daemon:}
/etc/logrotate.d/dpkg:/var/log/dpkg.log {
/etc/logrotate.d/dpkg:	monthly
/etc/logrotate.d/dpkg:	rotate 12
/etc/logrotate.d/dpkg:	compress
/etc/logrotate.d/dpkg:	delaycompress
/etc/logrotate.d/dpkg:	missingok
/etc/logrotate.d/dpkg:	notifempty
/etc/logrotate.d/dpkg:	create 644 root root
/etc/logrotate.d/dpkg:}
/etc/logrotate.d/exim4-base:/var/log/exim4/mainlog /var/log/exim4/rejectlog {
/etc/logrotate.d/exim4-base:	daily
/etc/logrotate.d/exim4-base:	missingok
/etc/logrotate.d/exim4-base:	rotate 10
/etc/logrotate.d/exim4-base:	compress
/etc/logrotate.d/exim4-base:	delaycompress
/etc/logrotate.d/exim4-base:	notifempty
/etc/logrotate.d/exim4-base:	nocreate
/etc/logrotate.d/exim4-base:}
/etc/logrotate.d/exim4-paniclog:/var/log/exim4/paniclog {
/etc/logrotate.d/exim4-paniclog:	size 10M
/etc/logrotate.d/exim4-paniclog:	missingok
/etc/logrotate.d/exim4-paniclog:	rotate 10
/etc/logrotate.d/exim4-paniclog:	compress
/etc/logrotate.d/exim4-paniclog:	delaycompress
/etc/logrotate.d/exim4-paniclog:	notifempty
/etc/logrotate.d/exim4-paniclog:	nocreate
/etc/logrotate.d/exim4-paniclog:}
/etc/logrotate.d/libvirtd:/var/log/libvirt/libvirtd.log {
/etc/logrotate.d/libvirtd:        weekly
/etc/logrotate.d/libvirtd:        missingok
/etc/logrotate.d/libvirtd:        rotate 4
/etc/logrotate.d/libvirtd:        compress
/etc/logrotate.d/libvirtd:        delaycompress
/etc/logrotate.d/libvirtd:        copytruncate
/etc/logrotate.d/libvirtd:        minsize 100k
/etc/logrotate.d/libvirtd:}
/etc/logrotate.d/libvirtd.libxl:/var/log/libvirt/libxl/*.log {
/etc/logrotate.d/libvirtd.libxl:        size 2097153
/etc/logrotate.d/libvirtd.libxl:        missingok
/etc/logrotate.d/libvirtd.libxl:        rotate 4
/etc/logrotate.d/libvirtd.libxl:        compress
/etc/logrotate.d/libvirtd.libxl:        delaycompress
/etc/logrotate.d/libvirtd.libxl:        copytruncate
/etc/logrotate.d/libvirtd.libxl:}
/etc/logrotate.d/libvirtd.lxc:/var/log/libvirt/lxc/*.log {
/etc/logrotate.d/libvirtd.lxc:        size 2097153
/etc/logrotate.d/libvirtd.lxc:        missingok
/etc/logrotate.d/libvirtd.lxc:        rotate 4
/etc/logrotate.d/libvirtd.lxc:        compress
/etc/logrotate.d/libvirtd.lxc:        delaycompress
/etc/logrotate.d/libvirtd.lxc:        copytruncate
/etc/logrotate.d/libvirtd.lxc:}
/etc/logrotate.d/libvirtd.qemu:/var/log/libvirt/qemu/*.log {
/etc/logrotate.d/libvirtd.qemu:        # The QEMU driver is configured to use virtlogd by
/etc/logrotate.d/libvirtd.qemu:        # default, which will perform log rollover.
/etc/logrotate.d/libvirtd.qemu:        # This logrotate config is still installed for cases
/etc/logrotate.d/libvirtd.qemu:        # where the user has switched off virtlogd.
/etc/logrotate.d/libvirtd.qemu:        #
/etc/logrotate.d/libvirtd.qemu:        # If virtlogd is active, ensure that size here is
/etc/logrotate.d/libvirtd.qemu:        # larger than 'max_size' in the virtlogd config
/etc/logrotate.d/libvirtd.qemu:        # so that logrotate becomes a no-op
/etc/logrotate.d/libvirtd.qemu:        size 2097153
/etc/logrotate.d/libvirtd.qemu:        missingok
/etc/logrotate.d/libvirtd.qemu:        rotate 4
/etc/logrotate.d/libvirtd.qemu:        compress
/etc/logrotate.d/libvirtd.qemu:        delaycompress
/etc/logrotate.d/libvirtd.qemu:        copytruncate
/etc/logrotate.d/libvirtd.qemu:}
/etc/logrotate.d/rsyslog:/var/log/syslog
/etc/logrotate.d/rsyslog:/var/log/mail.info
/etc/logrotate.d/rsyslog:/var/log/mail.warn
/etc/logrotate.d/rsyslog:/var/log/mail.err
/etc/logrotate.d/rsyslog:/var/log/mail.log
/etc/logrotate.d/rsyslog:/var/log/daemon.log
/etc/logrotate.d/rsyslog:/var/log/kern.log
/etc/logrotate.d/rsyslog:/var/log/auth.log
/etc/logrotate.d/rsyslog:/var/log/user.log
/etc/logrotate.d/rsyslog:/var/log/lpr.log
/etc/logrotate.d/rsyslog:/var/log/cron.log
/etc/logrotate.d/rsyslog:/var/log/debug
/etc/logrotate.d/rsyslog:/var/log/messages
/etc/logrotate.d/rsyslog:{
/etc/logrotate.d/rsyslog:	rotate 4
/etc/logrotate.d/rsyslog:	weekly
/etc/logrotate.d/rsyslog:	missingok
/etc/logrotate.d/rsyslog:	notifempty
/etc/logrotate.d/rsyslog:	compress
/etc/logrotate.d/rsyslog:	delaycompress
/etc/logrotate.d/rsyslog:	sharedscripts
/etc/logrotate.d/rsyslog:	postrotate
/etc/logrotate.d/rsyslog:		/usr/lib/rsyslog/rsyslog-rotate
/etc/logrotate.d/rsyslog:	endscript
/etc/logrotate.d/rsyslog:}
/etc/logrotate.d/sane-utils:/var/log/saned.log {
/etc/logrotate.d/sane-utils:    daily
/etc/logrotate.d/sane-utils:    missingok
/etc/logrotate.d/sane-utils:    rotate 7
/etc/logrotate.d/sane-utils:    compress
/etc/logrotate.d/sane-utils:    copytruncate
/etc/logrotate.d/sane-utils:    notifempty
/etc/logrotate.d/sane-utils:    create 640 saned saned
/etc/logrotate.d/sane-utils:}
/etc/logrotate.d/wtmp:/var/log/wtmp {
/etc/logrotate.d/wtmp:    missingok
/etc/logrotate.d/wtmp:    monthly
/etc/logrotate.d/wtmp:    create 0664 root utmp
/etc/logrotate.d/wtmp:    minsize 1M
/etc/logrotate.d/wtmp:    rotate 1
/etc/logrotate.d/wtmp:}

postcd
Posts: 133
Joined: 2022-01-08 18:33
Has thanked: 48 times
Been thanked: 2 times

Re: [Software] logrotate.conf ignoring older log files?

#8 Post by postcd »

Sorry for an update. I think that @fabien comment helped me to point into right direction (/etc/logrotate.d/rsyslog)

Maybe I have subconsciously assumed that main logrotate.conf is the main file that overrides everything, but no, apparently one have to spend time looking into /etc/logrotate.d/ and configure each log file instead to set global setting for all in logrotate.conf

I think that this helped me to get rid of old log files and keep sizes small:

$ cat /etc/logrotate.d/rsyslog
/var/log/syslog
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
rotate 0
weekly
missingok
notifempty
maxsize 5M
maxage 30
# compress
# delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}

Code: Select all

rotate 0
should ensure removal/replacement of old content instead of backing up the file with extension like log.file.1 and similar.

Good guide about parameters is in manual "man logrotate.conf"

Btw. one can also reduce usage by journal logs inside /etc/systemd/journald.conf changing SystemMaxUse= to lets say 100M.

Post Reply