I need to change the read permissions from 640 to 644 so a different Linux user can access the MariaDB error log. My server's host uses CloudLinux and it is setup to use logrotate with the MariaDD error log. I'll mildly decent at find and grep and that is how I figured out it was logrotate` creating new files for each day. What the files look like in my FTP/SSH: - /var/log/mysql.error.log - /var/log/mysql.error.log-20250721 - /var/log/mysql.error.log-20250722 - /var/log/mysql.error.log-20250723 So logrotate has two files that I think are relevant however I've done the one obvious thing a day ago and after 24 hours passed the new log file was created using 640 permissions instead of 644: **/etc/logrotate.d/mariadb** > /var/lib/mysql/mysqld.log /var/lib/mysql/mariadb.log > /var/log/mariadb/*.log { > > \# Depends on a mysql@localhost unix_socket authenticated user with > RELOAD privilege su mysql mysql > > \# If any of the files listed above is missing, skip them silently > without # emitting any errors missingok > > \# If file exists but is empty, don't rotate it notifempty > > \# Run monthly monthly > > \# Keep 6 months of logs rotate 6 > > \# If file is growing too big, rotate immediately maxsize 500M > > \# If file size is too small, don't rotate at all minsize 50M > > \# Compress logs, as they are text and compression will save a lot of > disk space compress > > \# Don't compress the log immediately to avoid errors about "file > size changed while zipping" delaycompress > > \# Don't run the postrotate script for each file configured in this > file, but # run it only once if one or more files were rotated > sharedscripts > > \# After each rotation, run this custom script to flush the logs. > Note that # this assumes that the mariadb-admin command has database > access, which it # has thanks to the default use of Unix socket > authentication for the 'mysql' # (or root on Debian) account used > everywhere since MariaDB 10.4. postrotate > if test -r /etc/mysql/debian.cnf > then > EXTRAPARAM='--defaults-file=/etc/mysql/debian.cnf' > fi > > if test -x /usr/bin/mariadb-admin > then > /usr/bin/mariadb-admin $EXTRAPARAM --local flush-error-log \ > flush-engine-log flush-general-log flush-slow-log > fi endscript } **/etc/logrotate.d/mariadb** /var/log/mysql.error.log { create 644 mysql root notifempty daily rotate 5 missingok nocompress nocopytruncate dateext sharedscripts postrotate env HOME=/root/ /usr/bin/mysql -e 'flush logs' endscript So I changed the 640 to 644 in the **/etc/logrotate.d/mariadb** file and the file for the 23rd was still created using 640 permissions. **How do I force logrotate to create files using 644 permissions?** In the interim I looked up other examples and for some reason my file was missing the closing }, maybe that was the issue? However I'm not entirely sure, I'm only mildly versed in Linux and I don't want to wait 24 hours for *every* little thing to try or this will never get done!

This is related to https://unix.stackexchange.com/questions/499053/logrotate-not-able-to-truncate-catalina-out which is incorrectly closed as a duplicate, even though the duplicate question describes a subtly different issue with a very different solution. Question (abbreviated to the relevant parts for brevity): With the following logrotate configuration, why does the log rotate, but catalina.out does not get truncated? (This is different from the behavior in the question linked as a duplicate, where rotating did not happen at all). /log/apache-tomcat/catalina.out{ copytruncate daily size 256M rotate 8 missingok maxage 7 } logrotate -v verifies that copying the log file, compressing and truncating all are happening.

My Linux Mint system reports that /var/log occupies 165 GB of space, but all subdirectories and files within it are small (total <100 MB). This is causing the root partition (/) to fill up, preventing normal system operation Checked disk usage with sudo du -hxd1 /var/log | sort -hr – no large files found. Cleared journal logs:

sudo journalctl --vacuum-size=0
sudo rm -rf /var/log/journal/*
sudo systemctl restart systemd-journald

Looked for "deleted but open" files with

sudo lsof | grep deleted | grep '/var/log'

– no results. Verified filesystem integrity with

sudo e2fsck -n /dev/sda3

– no errors found. Checked extended attributes (getfattr, lsattr) – nothing unusual. Restarted the system multiple times – no change.

df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sdb3       199G  193G  6.3G  97% /


sudo du -hxd1 /var/log:
165G    /var/log
4.0K    /var/log/private
12M     /var/log/apt
... (other small directories)

- What could explain the discrepancy between du and df? - How can I safely reclaim the "phantom" 165 GB in /var/log?

Logrotate is not rotating automatically, but it's working with logrotate -d and logrotate -f with no errors showing. But it's not running automatically each day. Below is the logrotate -d output. logrotate -d /etc/logrotate.d/lumen reading config file /etc/logrotate.d/lumen Allocating hash table for state file, size 15360 B Handling 1 logs rotating pattern: /var/www/*/storage/logs/*.log after 1 days (365 rotations) empty log files are rotated, old logs are removed switching euid to 48 and egid to 48 considering log /var/www/testdir/storage/logs/laravel.log log needs rotating rotating log /var/www/testdir/storage/logs/laravel.log, log->rotateCount is 365 Converted ' -%Y%m%d' -> '-%Y%m%d' dateext suffix '-20190425' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' compressing log with: /bin/gzip fscreate context set to unconfined_u:object_r:httpd_user_rw_content_t:s0 renaming /var/www/testdir/storage/logs/laravel.log to /var/www/testdir/storage/logs/laravel.log-20190425 switching euid to 0 and egid to 0

How do I trigger a manual logrotation for a service while using logrotate? Basically, I want my current log-files for all my APPLICATION to be empty, and the existing one should be moved to the 1 or .gz; whatever may apply. --- (While I could truncate the logfile manually via:

truncate -s 0 /var/log/APPLICATION/*.log

I don't want ignore the existing tool nor do I want to lose log data.) --- More context: An application on an Ubuntu Server (22.04.3) creates logfiles within /var/log/APPLICATION/MY_LOG.log I also see that there are .1 and .gz-files:

/var/log/APPLICATION/SOME_LOG.log
/var/log/APPLICATION/SOME_LOG.log.1
/var/log/APPLICATION/SOME_LOG.log.2.gz
/var/log/APPLICATION/SOME_LOG.log.3.gz
...

I assume that logrotate is used that creates new files after a certain criteria is met, as there is a config at:

/etc/logrotate.conf

which inlcudes:

/etc/logrotate.d/APPLICATION

which defines log configuration like so:

/var/log/APPLICATION/SOME_LOG.log
{
        rotate 30
        daily
        missingok
        notifempty
        delaycompress
        compress
        postrotate
                reload rsyslog >/dev/null 2>&1 || true
        endscript
        create 0644 syslog adm
}

I would just like to make sure I can put in a relatively large value like 730 for two years without having something unexpected happen.

Can anybody please explain me about the function of 'rotate' and 'maxage' in logrotation as this is very confusing . consider am using the below values in my script: rotate 30 maxage 30 Thank you..

I am using **logrotate** on **RHEL 9** to rotate access logs of an Apache 2.4 (actually IBM HTTP Server) running as root. The config I use is a series of the following for each access.log file: /logs/access.log { compress dateext maxage 60 rotate 99 daily notifempty missingok postrotate /bin/apachectl restart /bin/sleep 10|/bin/true endscript } However, after the rotation (and the postrotate action) the apache process seems to keep writing to the previous file /logs/access-.log *(the file inode to be honest)*, which now is deleted from compression action. The apache process starts writing to the original file /logs/access.log again only when running /bin/apachectl restart from cli. I have tried all possible combinations *(e.g. delaycompress, group all access files in one config and set sharedscripts etc)* on how to resolve this, except copytruncate, which I would like to avoid.

I have what (should) be a fairly straightforward task: Migrate a set of custom log files to a database at night. I use logrotate (cron.daily) with a simple prerotate task /var/log/myapplog/*.log { daily copytruncate rotate 366 dateext dateformat .%Y-%m-%d compress missingok compresscmd /usr/bin/xz compressoptions -ze9 compressext .xz prerotate /usr/local/myapp/bin/DBWriter $1 endscript } Unfortunately SELinux doesn't see it that way. If I setenforce 0 then the script runs perfectly. Rotates logs, sends them to the DB, etc. setenforce 1, however, returns : logrotate_script: line 1: /usr/local/myapp/bin/DBWriter: Permission denied I've tried changing contexts on DBWriter, most recently I set it to unconfined_u:unconfined_r:unconfined_t which did not work either... Ideally, I need to keep SELinux enabled. If it matters, DBWriter is also available as a java .jar file. But running java -jar DBWriter.jar has the same result. Thanks in advance! ---- Edit: Win.T's answer below solved the problem for me. semanage permissive -a logrotate_t Part of the problem is that I was trying to do _exactly_ what SELinux is designed to prevent: cause process A to execute unknown file B and wreak havoc on system C Project design considerations and restrictions put us on this path. Clients don't always want to hear about those fancy buzz words like security and future-proofing.

I have this config for log detail: /opt/freeradius/logs/*/detail { daily rotate 4 compress delaycompress missingok notifempty create 0640 root root sharedscripts maxsize 500M postrotate /bin/systemctl reload freeradius > /dev/null 2>/dev/null || true endscript } I have these olds logs with new logs : [root@freeradius01 192.168.17.10]# pwd /opt/freeradius/logs/192.168.17.10 [root@freeradius01 192.168.17.10]# ll total 56919724 -rwxrwxrwx 1 root root 21048752215 Aug 14 23:59 detail-20240814 -rwxrwxrwx 1 root root 21617187765 Aug 15 23:59 detail-20240815 -rwxrwxrwx 1 root root 5988044800 Aug 16 23:59 detail-20240816 -rwxrwxrwx 1 root root 5947392 Sep 25 23:59 detail-20240925 -rwxrwxrwx 1 root root 7478423552 Oct 21 23:59 detail-20241021 -rwxrwxrwx 1 root root 1907452140 Oct 22 11:19 detail-20241022 [root@freeradius01 192.168.17.10]# When running logrotate manually and forced with verbos I have this result: [root@freeradius01 192.168.17.10]# /usr/sbin/logrotate -v -f /etc/logrotate.d/radiusd reading config file /etc/logrotate.d/radiusd Reading state from file: /var/lib/logrotate/logrotate.status Allocating hash table for state file, size 64 entries Creating new state Creating new state Creating new state .. .. Creating new state Handling logs rotating pattern: /opt/freeradius/logs/*/detail forced from command line (4 rotations) empty log files are not rotated, log files >= 524288000 are rotated earlier, old logs are removed considering log /opt/freeradius/logs/*/detail not running postrotate script, since no logs were rotated [root@freeradius01 192.168.17.10]# ll total 56919724 -rwxrwxrwx 1 root root 21048752215 Aug 14 23:59 detail-20240814 -rwxrwxrwx 1 root root 21617187765 Aug 15 23:59 detail-20240815 -rwxrwxrwx 1 root root 5988044800 Aug 16 23:59 detail-20240816 -rwxrwxrwx 1 root root 5947392 Sep 25 23:59 detail-20240925 -rwxrwxrwx 1 root root 7478423552 Oct 21 23:59 detail-20241021 -rwxrwxrwx 1 root root 1968389637 Oct 22 11:22 detail-20241022 [root@freeradius01 192.168.17.10]# grep "detail" /var/lib/logrotate/logrotate.status "/var/log/radius/radacct/*/detail" 2024-3-5-3:0:0 "/opt/freeradius/logs/*/detail" 2024-3-5-3:0:0 [root@freeradius01 192.168.17.10]# date Tue Oct 22 11:22:45 WAT 2024 [root@freeradius01 192.168.17.10]# **So the log rotation not running despite I runned it manually / also old logs not compressed!!?**

on a Centos 8 server, I attached a bigger disk mounted to /mnt/data. The server runs rsyslogd which has a policy to write logs from external systems to /mnt/data/logs/$HOSTNAME. I do now have the problem that either logrotate doesn't rotate the logs when selinux fcontext for /mnt/data/logs is set to "syslogd_var_lib_t" , or rsyslod doesn't write data to files when fcontext is set to "logrotate_var_lib_t". I found several solutions for samba and httpd where bools are set to "*anon_write 1", but for syslog and logrotate, I don't see bools. Is there a way to let selinux allow both logrotate and rsyslogd in /mnt/data/logs ? sealert output with fcontext of /mnt/data/logs is set to 'logrotate_var_lib_t':

SELinux is preventing /usr/sbin/rsyslogd from append access on the file 10.9.7.15.log.                     

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that rsyslogd should be allowed append access on the 10.9.7.15.log file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'rs:main Q:Reg' --raw | audit2allow -M my-rsmainQReg
# semodule -X 300 -i my-rsmainQReg.pp


Additional Information:
Source Context                system_u:system_r:syslogd_t:s0
Target Context                system_u:object_r:logrotate_var_lib_t:s0
Target Objects                10.9.7.15.log [ file ]
Source                        rs:main Q:Reg
Source Path                   /usr/sbin/rsyslogd
Port                          
Host                          HAMS010125.global.bdfgroup.net
Source RPM Packages           rsyslog-8.1911.0-6.el8.x86_64
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-3.14.3-54.el8.noarch
Local Policy RPM              selinux-policy-targeted-3.14.3-54.el8.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     HAMS010125.global.bdfgroup.net
Platform                      Linux HAMS010125.global.bdfgroup.net
                              4.18.0-240.1.1.el8_3.x86_64 #1 SMP Thu Nov 19
                              17:20:08 UTC 2020 x86_64 x86_64
Alert Count                   68679
First Seen                    2021-03-30 07:47:58 CEST
Last Seen                     2021-03-30 10:47:03 CEST
Local ID                      5ee9e182-0188-4ac8-b28e-5c8c9ab18933

Raw Audit Messages
type=AVC msg=audit(1617094023.794:76568): avc:  denied  { append } for  pid=1452 comm=72733A6D61696E20513A526567 n
ame="10.9.7.15.log" dev="dm-3" ino=23330820 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:log
rotate_var_lib_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1617094023.794:76568): arch=x86_64 syscall=openat success=no exit=EACCES a0=ffffff9c a1=7f8
2b40a4fa0 a2=80541 a3=1a4 items=0 ppid=1 pid=1452 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=4294967295 comm=rs:main Q:Reg exe=/usr/sbin/rsyslogd subj=system_u:system_r:syslogd_t:s0 ke
y=(null)

Hash: rs:main Q:Reg,syslogd_t,logrotate_var_lib_t,file,append

sealert output with fcontext of /mnt/data/logs set to 'syslogd_var_lib_t':

SELinux is preventing /usr/sbin/logrotate from read access on the file 10.9.7.16.log.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that logrotate should be allowed read access on the 10.9.7.16.log file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'logrotate' --raw | audit2allow -M my-logrotate
# semodule -X 300 -i my-logrotate.pp


Additional Information:
Source Context                system_u:system_r:logrotate_t:s0-s0:c0.c1023
Target Context                system_u:object_r:syslogd_var_lib_t:s0
Target Objects                10.9.7.16.log [ file ]
Source                        logrotate
Source Path                   /usr/sbin/logrotate
Port                          
Host                          HAMS010125.global.bdfgroup.net
Source RPM Packages
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-3.14.3-54.el8.noarch
Local Policy RPM              selinux-policy-targeted-3.14.3-54.el8.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     HAMS010125.global.bdfgroup.net
Platform                      Linux HAMS010125.global.bdfgroup.net
                              4.18.0-240.1.1.el8_3.x86_64 #1 SMP Thu Nov 19
                              17:20:08 UTC 2020 x86_64 x86_64
Alert Count                   8
 First Seen                    2021-03-26 02:51:01 CET
 Last Seen                     2021-03-29 02:51:01 CEST
 Local ID                      9ee8b323-1833-484b-b7c7-4b746c30d60b

Raw Audit Messages
type=AVC msg=audit(1616979061.951:6206): avc:  denied  { read } for  pid=632546 comm="logrotate" name="10.9.7.16.$
og" dev="dm-3" ino=23330825 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysl$
gd_var_lib_t:s0 tclass=file permissive=0

 
Hash: logrotate,logrotate_t,syslogd_var_lib_t,file,read

Any hint appreciated, thanks.

I am looking for advice about logrotate. I have recently installed log2ram to spare my ssd. Since I was not using all 24Gb RAM I assigned 2Gb to /var/log/. currently +- 300Mb is used. I would like logrotate to move any file ending with .gz potentially in any sub-direcory to /var/old.log/ and maintain the sub-directory structure. I have done some research and found a possible solution but now raises questions. https://unix.stackexchange.com/questions/59112/preserve-directory-structure-when-moving-files-using-find https://unix.stackexchange.com/questions/319020/compress-old-log-files-and-move-to-new-directory 1. When logrotate runs this side script to move these files for example i moves /var/log/file.log.2.gz will it then not create a new file.log.2.gz when rotating logs instead of moving file.log.2.gz to file.log.3.gz as file.log.2.gz is no longer there. Then eventually the script overwrites the old logs due to the same name 2. I do not fully understand the olddir option as I understand this could do what I want. but manual states be cautious with wildcards. any help here 3. When to time this, /var/log is created during boot with the contents of /var/hdd.log/ it then updates /var/hdd.log when rebooting. I want logrotate to move the compressed files to a other directory so It will not be loaded on the tmpfs but I don't want to edit each /etc/logrotate.d/* file. I thought maybe put something before log2ram creates /var/log during boot but I do not know where. This system runs 24/7 and I try to reboot as minimal as possible. OS: Ubuntu 22.04 LTS Sometimes manuals are too obvious sometimes there very vague. Maybe someone can explain it in a more complex or easier way for me to understand. Thank you for your time.

I'm trying to get a better understanding of how log management works on a Linux server. When I install a Linux server, I notice that there are many log files and directories in /var/log. My concern is about the potential for these log files to grow indefinitely until the server runs out of space. What are the default mechanisms in place on a typical Linux server to prevent log files from growing indefinitely? I know that logrotate is commonly used to manage log file growth, but is there a standard recommended practice for configuring logrotate on a server? Without proper configuration, it seems like the server could eventually run out of space.

**Context:** I have cursory bash experience. I do not fully get file descriptors, just some basic usage. Trying to create a setup script. Most done, but a few "kinks" remain. So here is a newbie question on logging and file descriptors! **Goal(s):** * Log all executions of the script to a *daily logfile*. * If script is executed multiple times one day, logfile is appended to. * I do not want several logfiles per day, one rotation per day is plenty. * I output * (a) basic/overview/main info to the console, and (using e g echo [...] >&3. * (b) all "details" go to the logfile (all standard output, echo). (See sample script.) * Avoid log function: I would love to avoid having special log functions to call, but maybe that is the only way... ### Problem/obstacle: When I create the file descriptor, it seems the logfile is reset/emptied. **Example:** Again, see sample script below. First cat (row 3) indeed outputs previous contents of the logfile. But after setting up the file descriptors for logging on row 5, the cat on row 7 always outputs nothing. ---- **Question(s):** * **(A)** Can I use this approach and somehow create a file descriptor for an existing file, and avoid it "resetting"/emptying the existing file of its previous contents? * **(B)** *If* that approach can *not* work, is there an alternative way that accomplishes my goals? ## Sample script

LOG_FILE="./$(date -u +%Y%m%dTZ).log.txt"
touch $LOG_FILE
cat $LOG_FILE
echo -----------------------
exec 3>&1 1>"$LOG_FILE" 2>&1 #TODO: suspect this file descriptor creation resets existing file. Investigate if/how this can be avoided.
echo +++++++++++++++++++++++ >&3
cat $LOG_FILE >&3 # this is always empty
echo +++++++++++++++++++++++ >&3
read -t 2
echo "${blu}=================================================="
echo Logging some. Time: $(date -Iseconds) 
echo "==================================================${end}"

------ *I have of course searched to try and find a solution, but for this problem it seems I cannot find any good discussions at all. Lots on file descriptors, but I have not managed to find anyone asking this question. I may be using the wrong keywords, ofc. I found this related question , and others a bit like that.* Thanks alot for reading my question!

I am working on a java application running in Ubuntu Server (16.04) which copies log files from certain folders and consolidate then when user closes the session. In ubuntu server rsyslog filters and keeps generating logs from different devices (external) and stores logs in a folder. After the files copied by java application I need to rotate the logs. For that I am planning to use logrotate program. I created a config to rotate this files once a session is closed (user triggers this by closing the session in application). The files created in the folder (/media/content/persist/log/external/) as below: -rwxr-xr-x 1 syslog syslog 283 Jul 1 20:49 192.168.10.100-syslog.log -rwxr-xr-x 1 syslog syslog 24K Jul 1 21:25 192.168.10.11-syslog.log -rwxr-xr-x 1 syslog syslog 8.6K Jul 1 21:25 192.168.10.10-syslog.log -rwxr-xr-x 1 syslog syslog 439K Jul 1 21:40 192.168.10.12-syslog.log Log rotate config: **File: rsyslog-fc-rotate.conf ** /media/content/persist/log/external/*-syslog.log { rotate 4 maxsize 5M compress missingok notifempty postrotate invoke-rc.d rsyslog rotate > /dev/null endscript } When I run logrotate manually I am getting the result below without any rotation is being happend > logrotate -f -d -v rsyslog-fc-rotate.conf reading config file rsyslog-fc-rotate.conf Handling 1 logs rotating pattern: /media/content/persist/log/external/*-syslog.log forced from command line (4 rotations) empty log files are not rotated, log files >= 5242880 are rotated earlier, old logs are removed considering log /media/content/persist/log/external/192.168.10.100-syslog.log log needs rotating considering log /media/content/persist/log/external/192.168.10.10-syslog.log log needs rotating considering log /media/content/persist/log/external/192.168.10.11-syslog.log log needs rotating considering log /media/content/persist/log/external/192.168.10.12-syslog.log log needs rotating rotating log /media/content/persist/log/external/192.168.10.100-syslog.log, log->rotateCount is 4 dateext suffix '-20240701' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' renaming /media/content/persist/log/external/192.168.10.100-syslog.log.4.gz to /media/content/persist/log/external/192.168.10.100-syslog.log.5.gz (rotatecount 4, logstart 1, i 4), renaming /media/content/persist/log/external/192.168.10.100-syslog.log.3.gz to /media/content/persist/log/external/192.168.10.100-syslog.log.4.gz (rotatecount 4, logstart 1, i 3), renaming /media/content/persist/log/external/192.168.10.100-syslog.log.2.gz to /media/content/persist/log/external/192.168.10.100-syslog.log.3.gz (rotatecount 4, logstart 1, i 2), renaming /media/content/persist/log/external/192.168.10.100-syslog.log.1.gz to /media/content/persist/log/external/192.168.10.100-syslog.log.2.gz (rotatecount 4, logstart 1, i 1), renaming /media/content/persist/log/external/192.168.10.100-syslog.log.0.gz to /media/content/persist/log/external/192.168.10.100-syslog.log.1.gz (rotatecount 4, logstart 1, i 0), renaming /media/content/persist/log/external/192.168.10.100-syslog.log to /media/content/persist/log/external/192.168.10.100-syslog.log.1 running postrotate script running script with arg /media/content/persist/log/external/192.168.10.100-syslog.log: " invoke-rc.d rsyslog reload > /dev/null " compressing log with: /bin/gzip removing old log /media/content/persist/log/external/192.168.10.100-syslog.log.5.gz error: error opening /media/content/persist/log/external/192.168.10.100-syslog.log.5.gz: No such file or directory This message is repeating for all the files and no rotation is happening. Not sure why it is failing. In my application with this config, for every session close the files needs to be rotated. This logrorate call will be coming from a java service.

This is related to another question on logrotate qs1 . When running the command logrotate /etc/logrotate.d/test, I am also getting a error: error setting owner of /var/lib/logrotate/status.tmp to uid 0 and gid 0: Operation not permitted error. The answer in the other question said that this issue can be fixed using the sudo command sudo logrotate /etc/logrotate.d/test . Is there a way to fix this without the sudo access? Can I avoid setting the owner to uid 0 and gid 0?

I saw the size directive and created the configuration file /etc/logrotate.d/test: /home/user/log1 { size 100 rotate 3 compress } but it doesn't work as I expect. The file should be rotated when its size becomes more than 100 bytes, and this does not happen. Nothing happens when the file size exceeds the limit, the file is not rotated, a new archive with the old log1 file is not created Is it possible to achieve this behavior with logrotate? OS is ubuntu 20

One of our servers has Alfresco installed, and this is the content of /opt/alfresco/tomcat/logs: -rw-r--r-- 1 root root 4.1K Jun 29 10:41 catalina.2015-06-29.log -rw-r--r-- 1 root root 352 Jul 1 18:36 catalina.2015-07-01.log -rw-r--r-- 1 root root 1.3M Jul 13 14:49 catalina.out -rw-r--r-- 1 root root 0 Jun 29 10:38 host-manager.2015-06-29.log -rw-r--r-- 1 root root 7.9K Jun 26 19:02 localhost.2015-06-26.log -rw-r--r-- 1 root root 33K Jun 29 10:39 localhost.2015-06-29.log -rw-r--r-- 1 root root 98M Jun 17 00:00 localhost_access_log.2015-06-16.txt -rw-r--r-- 1 root root 98M Jun 18 00:00 localhost_access_log.2015-06-17.txt -rw-r--r-- 1 root root 98M Jun 19 00:00 localhost_access_log.2015-06-18.txt -rw-r--r-- 1 root root 98M Jun 20 00:00 localhost_access_log.2015-06-19.txt (...) -rw-r--r-- 1 root root 75M Jul 12 00:00 localhost_access_log.2015-07-11.txt -rw-r--r-- 1 root root 80M Jul 13 00:00 localhost_access_log.2015-07-12.txt -rw-r--r-- 1 root root 85M Jul 14 00:00 localhost_access_log.2015-07-13.txt -rw-r--r-- 1 root root 40M Jul 14 09:52 localhost_access_log.2015-07-14.txt -rw-r--r-- 1 root root 0 Jun 29 10:38 manager.2015-06-29.log Some process is obviously rotating the logs daily. However, there's nothing operating on the Tomcat logs in /etc/logrotate.d -- or even in /etc/cron.d/ or the crontab file. Is there any setting in Tomcat or Alfresco that does this? I'm asking because I want to add a "compress" option. For now I've accomplished this result via a find one-liner script put as a daily cron job, but I like to do things in a cleaner way.

I started official nginx image in podman under root with command: sudo podman run --name nginx \ ... \ -v /var/log/nginx:/var/log/nginx \ docker.io/library/nginx:latest Logging working ok, but when try to logrotate on the host machine with all configurations taken from internet it fails, for example this one: /var/log/nginx/*.log { hourly missingok rotate 24 compress delaycompress notifempty su root root create 0644 sharedscripts postrotate podman exec nginx /bin/bash reset_log.sh endscript } reset_log.sh script contains well known command to start new log, and it works as expected if log into container and run manually: kill -USR1 cat /var/run/nginx.pid But all this stuff does not work together as expected, logging continues to access.log.1 file or no logging at all. Tried variants without 'su root root', without 'create ..' - no success. Update: it seems there is a permission issue, need more investigation. manual enforced command logrotate -f -v /etc/logrotate.conf works as expected. No selinux or apparmor installed on host (arch linux) systemd: Starting Rotate log files... conmon: conmon 32834b35446220b4e6d4 : runtime stderr: setns mnt: Operation not permitted fail startup conmon: conmon 32834b35446220b4e6d4 : Failed to create container: exit status 1 logrotate: Error: crun: setns mnt: Operation not permitted: OCI permission denied logrotate: error: error running shared postrotate script for '/var/log/nginx/*.log ' systemd: logrotate.service: Main process exited, code=exited, status=1/FAILURE systemd: logrotate.service: Failed with result 'exit-code'. systemd: Failed to start Rotate log files.

From the manual: > Each configuration file can set global options (local definitions override global ones, and later definitions override earlier ones) and specify logfiles to rotate. If I understand the definition correctly, /path2/dir1/.log options set from the first block will be overwritten by the end block settings. There are a number of dirs that are in /path2/ and I don't want to write them out individually. /path1/*/*.log /path2/*/*.log /path3/*/*.log /path4/*/*.log /path5/*/*.log { size 100k rotate 10 compress dateext postrotate service rsyslog restart >/dev/null 2>&1 || true endscript } /path3/dir1/*.log { size 200k rotate 50 compress dateext postrotate service rsyslog restart >/dev/null 2>&1 || true endscript } When running test I don't trust my understanding. It seems that in this test that dir1 would have been handled by the first set of options and then again with the 2nd set of options. logrotate -d mylogconf 2>&1 | less reading config file mylogconf Allocating hash table for state file, size 15360 B Handling 3 logs rotating pattern: /path1/*/*.txt after 1 days (360 rotations) empty log files are not rotated, old logs are removed No logs found. Rotation not needed. rotating pattern: /path2/*/*.txt /path3/*/*.txt 153600 bytes (40 rotations) empty log files are not rotated, old logs are removed No logs found. Rotation not needed. rotating pattern: /path3/dir1/*.txt 204800 bytes (50 rotations) empty log files are not rotated, old logs are removed No logs found. Rotation not needed. If I am correct, then I think my conf file needs to look something like this: /path1/*/*.log /path2/*/*.log /path3/dir2/*.log /path3/dir3/*.log /path3/dir4/*.log { size 100k rotate 4 } /path3/dir1/*.log { size 200k rotate 50 }