Logrotate não está girando logs no AWS Linux

1

Eu tenho um problema com o Logrotate que não roda logs em uma das minhas máquinas Amazon Linux. Esta caixa usa o rsyslog e recebe logs de outros dispositivos. Como tal, uma regra de caractere curinga foi usada e pensei que esse era o problema, embora a remoção não ajude. Eu tentei forçar uma rotação usando logrotate -fv, mas enquanto ele diz que os logs devem ser rotacionados, um archive de dateext do log não é criado em / var / log. O curioso é que isso estava funcionando até julho e, devido a algumas mudanças feitas naquela época, ele parou de funcionar. Aqui está a configuração logrotate para os arquivos rsyslog (/etc/logrotate.d/rsyslog):

/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/boot.log
/var/log/system-*.log{
    compress
    notifempty
    daily
    sharedscripts
    postrotate
         service rsyslog restart >/dev/null 2>&1 || true
    endscript
}

Aqui está a saída de um comando logrotate -fv:

reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file dracut
reading config info for /var/log/dracut.log
reading config file psacct
reading config info for /var/account/pacct
reading config file rsyslog
reading config info for /var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/boot.log
/var/log/system-*.log
reading config file yum
reading config info for /var/log/yum.log
reading config info for /var/log/wtmp
reading config info for /var/log/btmp

Handling 6 logs

rotating pattern: /var/log/dracut.log  forced from command line (4 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/dracut.log
  log does not need rotating

rotating pattern: /var/account/pacct  forced from command line (31 rotations)
empty log files are not rotated, old logs are removed
considering log /var/account/pacct
  log does not need rotating
not running postrotate script, since no logs were rotated

rotating pattern: /var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/boot.log
/var/log/system-*.log forced from command line (4 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/cron
  log needs rotating
considering log /var/log/maillog
  log needs rotating
considering log /var/log/messages
error: stat of /var/log/messages failed: No such file or directory
considering log /var/log/secure
  log needs rotating
considering log /var/log/spooler
error: stat of /var/log/spooler failed: No such file or directory
considering log /var/log/boot.log
  log needs rotating
considering log /var/log/system-10.0.1.5.log
  log needs rotating
considering log /var/log/system-10.10.200.1.log
  log needs rotating
considering log /var/log/system-10.50.10.1.log
  log needs rotating
considering log /var/log/system-10.70.10.1.log
  log needs rotating
considering log /var/log/system-usawsnet01.log
  log needs rotating
rotating log /var/log/cron, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/maillog, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/secure, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/boot.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-10.0.1.5.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-10.10.200.1.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-10.50.10.1.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-10.70.10.1.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-usawsnet01.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed

rotating pattern: /var/log/yum.log  forced from command line (4 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/yum.log
  log does not need rotating

rotating pattern: /var/log/wtmp  forced from command line (1 rotations)
empty log files are rotated, only log files >= 1048576 bytes are rotated, old logs are removed
considering log /var/log/wtmp
  log needs rotating
rotating log /var/log/wtmp, log->rotateCount is 1
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
destination /var/log/wtmp-20160916 already exists, skipping rotation

rotating pattern: /var/log/btmp  forced from command line (1 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/btmp
  log /var/log/btmp does not exist -- skipping

Ele afirma que os logs precisam de rotação e a força deve fazer isso, mas depois de executar isso eu só tenho os seguintes arquivos em / var / log (observe os logs corretamente rotacionados antes de 24 de julho):

-rw-------  1 root root  385 Jul 21 03:13 secure-20160720.gz
-rw-------  1 root root  303 Jul 22 03:35 secure-20160721.gz
-rw-------  1 root root  908 Jul 22 03:35 cron-20160721.gz
-rw-------  1 root root  896 Jul 23 03:31 cron-20160722.gz
drwxr-xr-x  2 root root 4.0K Jul 23 19:45 mail
-rw-------  1 root root  329 Jul 24 03:17 secure-20160722.gz
-rw-------  1 root root  884 Jul 24 03:17 cron-20160723.gz
-rw-------  1 root root 2.5K Aug 17 21:25 yum.log-20160916
-rw-------  1 root root  218 Aug 30 03:25 maillog-20160707.gz
-rw-------  1 root root 4.0K Sep 15 04:33 maillog
-rw-rw-r--  1 root utmp  66K Sep 15 23:20 wtmp-20160916
-rw-------  1 root root    0 Sep 16 00:16 dracut.log
-rw-------  1 root root    0 Sep 16 00:16 yum.log
drwxr-xr-x  5 root root  36K Sep 16 03:21 .
-rw-------  1 root root 307K Sep 16 04:01 cron
-rw-------  1 root root  32K Sep 16 04:09 secure
-rw-------  1 root root 3.9G Sep 16 04:09 boot.log
-rw-rw-r--  1 root utmp 4.2K Sep 16 17:48 wtmp
-rw-r--r--  1 root root 144K Sep 16 17:48 lastlog
-rw-------  1 root root  11K Sep 16 18:01 system-usawsnet01.log
-rw-------  1 root root 141M Sep 16 18:14 system-10.50.10.1.log
-rw-------  1 root root 5.2G Sep 16 18:14 system-10.0.1.5.log
-rw-------  1 root root 5.8G Sep 16 18:14 system-10.70.10.1.log
-rw-------  1 root root 5.2G Sep 16 18:14 system-10.10.200.1.log

Finalmente, aqui está o arquivo de configuração base logrotate, caso isso ajude:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

Eu tentei remover o curinga e removi o /var/lib/logrotate.status para começar de novo, mas nada parece acionar a rotação desses registros.

    
por stickybun 17.09.2016 / 18:21

0 respostas