LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 12-18-2012, 03:05 PM   #1
116Fanatic
LQ Newbie
 
Registered: Dec 2012
Posts: 5

Rep: Reputation: Disabled
Question Logrotate Logs not rotating Ubunutu 12.4 LTS


Hello,

I am a rookie when it comes to Linux, and I have been tasked with creating a syslog server using Ubuntu to hold logs for 100+ networking devices. I wanted a separate log for each source ip address and dynamically created with the date. I achieved this with the following in /etc/rsyslog.conf

$IncludeConfig /etc/rsyslog.d/*.conf

$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"

$template DailyPerHostLogs,"/var/log/remotehosts/%HOSTNAME%.%$YEAR%-%$MONTH%-%$DAY%.log"
*.* -?DailyPerHostLogs;TraditionalFormat
& ~



Below is the relevant section of /etc/logrotate.d/rsyslog. (IP addresses replaced with XXX or YYY). I tried 2 different settings for 2 different logs and neither works.


##TEST1##
/var/log/remotehosts/XXX.XXX.XXX.XXX.*.log {
rotate 1
maxage 2
daily
missingok
notifempty
postrotate
/etc/init.d/rsyslog restart >/dev/null 2>&1 || true
endscript
}

##TEST2##
/var/log/remotehosts/YYY.YYY.YYY.YYY.*.log {
rotate 30
daily
missingok
notifempty
maxage 2
postrotate
reload rsyslog >/dev/null 2>&1 || true
endscript
}

Here is what is currently in my log location

-rw-r--r-- 1 root root 0 Dec 12 06:26 XXX.XXX.XXX.XXX.2012-12-11.log
-rw-r--r-- 1 root root 3236940 Dec 11 23:59 XXX.XXX.XXX.XXX.2012-12-11.log.1
-rw-r--r-- 1 root root 0 Dec 13 06:35 XXX.XXX.XXX.XXX.2012-12-12.log
-rw-r--r-- 1 root root 7033328 Dec 12 23:59 XXX.XXX.XXX.XXX.2012-12-12.log.1
-rw-r--r-- 1 root root 2369832 Dec 12 06:26 XXX.XXX.XXX.XXX.2012-12-12.log.2
-rw-r--r-- 1 root root 0 Dec 14 06:31 XXX.XXX.XXX.XXX.2012-12-13.log
-rw-r--r-- 1 root root 6566549 Dec 13 23:59 XXX.XXX.XXX.XXX.2012-12-13.log.1
-rw-r--r-- 1 root root 0 Dec 15 06:51 XXX.XXX.XXX.XXX.2012-12-14.log
-rw-r--r-- 1 root root 8569767 Dec 14 23:59 XXX.XXX.XXX.XXX.2012-12-14.log.1
-rw-r--r-- 1 root root 0 Dec 16 06:46 XXX.XXX.XXX.XXX.2012-12-15.log
-rw-r--r-- 1 root root 9113066 Dec 15 23:59 XXX.XXX.XXX.XXX.2012-12-15.log.1
-rw-r--r-- 1 root root 0 Dec 17 06:28 XXX.XXX.XXX.XXX.2012-12-16.log
-rw-r--r-- 1 root root 13063562 Dec 16 23:59 XXX.XXX.XXX.XXX.2012-12-16.log.1
-rw-r--r-- 1 root root 0 Dec 18 06:47 XXX.XXX.XXX.XXX.2012-12-17.log
-rw-r--r-- 1 root root 7929472 Dec 17 23:59 XXX.XXX.XXX.XXX.2012-12-17.log.1
-rw-r--r-- 1 root root 4438687 Dec 18 13:58 XXX.XXX.XXX.XXX.2012-12-18.log
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-06.log
-rw-r--r-- 1 root root 6843 Dec 6 23:17 YYY.YYY.YYY.YYY.2012-12-06.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-07.log
-rw-r--r-- 1 root root 23574 Dec 7 23:17 YYY.YYY.YYY.YYY.2012-12-07.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-08.log
-rw-r--r-- 1 root root 7693 Dec 8 23:17 YYY.YYY.YYY.YYY.2012-12-08.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-09.log
-rw-r--r-- 1 root root 8020 Dec 9 23:17 YYY.YYY.YYY.YYY.2012-12-09.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-10.log
-rw-r--r-- 1 root root 10790 Dec 10 23:17 YYY.YYY.YYY.YYY.2012-12-10.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-11.log
-rw-r--r-- 1 root root 19424 Dec 11 23:17 YYY.YYY.YYY.YYY.2012-12-11.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-12.log
-rw-r--r-- 1 root root 7842 Dec 12 23:17 YYY.YYY.YYY.YYY.2012-12-12.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-13.log
-rw-r--r-- 1 root root 16021 Dec 13 23:17 YYY.YYY.YYY.YYY.2012-12-13.log.1
-rw-r--r-- 1 root root 0 Dec 15 06:51 YYY.YYY.YYY.YYY.2012-12-14.log
-rw-r--r-- 1 root root 13646 Dec 14 23:17 YYY.YYY.YYY.YYY.2012-12-14.log.1
-rw-r--r-- 1 root root 0 Dec 16 06:46 YYY.YYY.YYY.YYY.2012-12-15.log
-rw-r--r-- 1 root root 14604 Dec 15 23:17 YYY.YYY.YYY.YYY.2012-12-15.log.1
-rw-r--r-- 1 root root 0 Dec 17 06:28 YYY.YYY.YYY.YYY.2012-12-16.log
-rw-r--r-- 1 root root 16194 Dec 16 23:17 YYY.YYY.YYY.YYY.2012-12-16.log.1
-rw-r--r-- 1 root root 0 Dec 18 06:47 YYY.YYY.YYY.YYY.2012-12-17.log
-rw-r--r-- 1 root root 17130 Dec 17 23:17 YYY.YYY.YYY.YYY.2012-12-17.log.1
-rw-r--r-- 1 root root 18255 Dec 18 13:45 YYY.YYY.YYY.YYY.2012-12-18.log




So, initially I want to be able to delete all files that are older than X day(s). And modify this value based on the device. In this example, I want XXX to delete files older than 1 day and YYY to delete files older than 30. It seems like it is renaming the old file with a .1 at the end, creating a new file that is empty, and that is it. I've researched this for hours and tried various things found in the man pages but nothing seems to produce the result that I want. Any help would be appreciated. If I didn't explain something correctly, please let me know.

Thanks!!
 
Old 12-19-2012, 08:46 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6
Posts: 1,462

Rep: Reputation: 438Reputation: 438Reputation: 438Reputation: 438Reputation: 438
Is your syslog server logs rotating correctly? If so then check to see how the default syslogd and rsyslogd are being treated.

For example on my CentOS server I have:

Code:
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
Rather then a direct init.d restart of the deamon.
 
Old 12-19-2012, 08:48 AM   #3
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6
Posts: 1,462

Rep: Reputation: 438Reputation: 438Reputation: 438Reputation: 438Reputation: 438
Here's also my syslog.d entry that's doing a daily rotate of logs from a remote device:

Code:
/var/log/remote/fortigate.log {
    compress
    rotate 31
    daily
    missingok
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
 
Old 12-19-2012, 08:52 AM   #4
thesnow
Member
 
Registered: Nov 2010
Location: Minneapolis, MN
Distribution: Ubuntu, Red Hat, Mint
Posts: 126

Rep: Reputation: 28
You could do something like this, modify the 90 to meet your needs (this deletes log files last modified more than 90 days ago).

Code:
    postrotate
        /usr/bin/find /path/to/your/logs -mtime +90 | /usr/bin/xargs /bin/rm
    endscript
You can also try adding "copytruncate" into your definition.

Last edited by thesnow; 12-19-2012 at 08:54 AM. Reason: copytruncate
 
Old 12-27-2012, 09:20 AM   #5
116Fanatic
LQ Newbie
 
Registered: Dec 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
Im sorry it has taken so long to reply - I have been out for Christmas. I attempted your suggestions but was still unsuccessful. I came to the idea that maybe the dynamic portion of the code was the issue %HOSTNAME%.%$YEAR%-%$MONTH%-%$DAY%.log and instead reverted to an individual log as so:

$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"

if $fromhost-ip == 'XXX.XXX.XXX.XXX' then /var/log/remotehosts/FW.log
*.* -?TraditionalFormat

& ~


I modified the logrotate.d/rsyslog.conf like this:

##FW##
/var/log/remotehosts/FW.log
{
rotate 2
daily
missingok
notifempty
ipostrotate
reload rsyslog >/dev/null 2>&1 || true
endscript
}



Now it doesn't appear to be rotating at all... It created one empty file FW.log.1 and just kept appending the original file for many days. Also, I'm not sure if this would cause anything, but when I deleted the original directory, modified this code, and first restarted the rsyslog service, the /var/log/remotehosts directory denied me access. So I did chmod 777 /var/log/remotehosts..... Any ideas? I appreciate the help that you have already offered.
 
Old 01-04-2013, 01:51 PM   #6
116Fanatic
LQ Newbie
 
Registered: Dec 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
Turned out to be a permissions issue..The solution was:

create 640 syslog adm

Also did

sudo chown syslog:adm remotehosts
sudo chown syslog:adm FW.log

Last edited by 116Fanatic; 01-04-2013 at 01:53 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
logrotate not rotating dman777 Linux - Software 3 08-23-2011 06:57 AM
Logs not rotating Arty Ziff Linux - Server 5 01-04-2011 01:51 AM
logrotate not rotating files with date extension ajayan Linux - Newbie 1 10-25-2010 06:08 PM
Logrotate rotating daily when should rotate weekly nanda_martins Linux - Server 14 03-29-2010 12:24 PM
Logrotate/ bash script not rotating file noir911 Linux - Server 2 01-15-2009 03:56 PM


All times are GMT -5. The time now is 08:08 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration