Eu tenho um problema com o Logrotate que não roda logs em uma das minhas máquinas Amazon Linux. Esta caixa usa o rsyslog e recebe logs de outros dispositivos. Como tal, uma regra de caractere curinga foi usada e pensei que esse era o problema, embora a remoção não ajude. Eu tentei forçar uma rotação usando logrotate -fv, mas enquanto ele diz que os logs devem ser rotacionados, um archive de dateext do log não é criado em / var / log. O curioso é que isso estava funcionando até julho e, devido a algumas mudanças feitas naquela época, ele parou de funcionar. Aqui está a configuração logrotate para os arquivos rsyslog (/etc/logrotate.d/rsyslog):
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/boot.log
/var/log/system-*.log{
compress
notifempty
daily
sharedscripts
postrotate
service rsyslog restart >/dev/null 2>&1 || true
endscript
}
Aqui está a saída de um comando logrotate -fv:
reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file dracut
reading config info for /var/log/dracut.log
reading config file psacct
reading config info for /var/account/pacct
reading config file rsyslog
reading config info for /var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/boot.log
/var/log/system-*.log
reading config file yum
reading config info for /var/log/yum.log
reading config info for /var/log/wtmp
reading config info for /var/log/btmp
Handling 6 logs
rotating pattern: /var/log/dracut.log forced from command line (4 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/dracut.log
log does not need rotating
rotating pattern: /var/account/pacct forced from command line (31 rotations)
empty log files are not rotated, old logs are removed
considering log /var/account/pacct
log does not need rotating
not running postrotate script, since no logs were rotated
rotating pattern: /var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/boot.log
/var/log/system-*.log forced from command line (4 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/cron
log needs rotating
considering log /var/log/maillog
log needs rotating
considering log /var/log/messages
error: stat of /var/log/messages failed: No such file or directory
considering log /var/log/secure
log needs rotating
considering log /var/log/spooler
error: stat of /var/log/spooler failed: No such file or directory
considering log /var/log/boot.log
log needs rotating
considering log /var/log/system-10.0.1.5.log
log needs rotating
considering log /var/log/system-10.10.200.1.log
log needs rotating
considering log /var/log/system-10.50.10.1.log
log needs rotating
considering log /var/log/system-10.70.10.1.log
log needs rotating
considering log /var/log/system-usawsnet01.log
log needs rotating
rotating log /var/log/cron, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/maillog, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/secure, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/boot.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-10.0.1.5.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-10.10.200.1.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-10.50.10.1.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-10.70.10.1.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-usawsnet01.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating pattern: /var/log/yum.log forced from command line (4 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/yum.log
log does not need rotating
rotating pattern: /var/log/wtmp forced from command line (1 rotations)
empty log files are rotated, only log files >= 1048576 bytes are rotated, old logs are removed
considering log /var/log/wtmp
log needs rotating
rotating log /var/log/wtmp, log->rotateCount is 1
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
destination /var/log/wtmp-20160916 already exists, skipping rotation
rotating pattern: /var/log/btmp forced from command line (1 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/btmp
log /var/log/btmp does not exist -- skipping
Ele afirma que os logs precisam de rotação e a força deve fazer isso, mas depois de executar isso eu só tenho os seguintes arquivos em / var / log (observe os logs corretamente rotacionados antes de 24 de julho):
-rw------- 1 root root 385 Jul 21 03:13 secure-20160720.gz
-rw------- 1 root root 303 Jul 22 03:35 secure-20160721.gz
-rw------- 1 root root 908 Jul 22 03:35 cron-20160721.gz
-rw------- 1 root root 896 Jul 23 03:31 cron-20160722.gz
drwxr-xr-x 2 root root 4.0K Jul 23 19:45 mail
-rw------- 1 root root 329 Jul 24 03:17 secure-20160722.gz
-rw------- 1 root root 884 Jul 24 03:17 cron-20160723.gz
-rw------- 1 root root 2.5K Aug 17 21:25 yum.log-20160916
-rw------- 1 root root 218 Aug 30 03:25 maillog-20160707.gz
-rw------- 1 root root 4.0K Sep 15 04:33 maillog
-rw-rw-r-- 1 root utmp 66K Sep 15 23:20 wtmp-20160916
-rw------- 1 root root 0 Sep 16 00:16 dracut.log
-rw------- 1 root root 0 Sep 16 00:16 yum.log
drwxr-xr-x 5 root root 36K Sep 16 03:21 .
-rw------- 1 root root 307K Sep 16 04:01 cron
-rw------- 1 root root 32K Sep 16 04:09 secure
-rw------- 1 root root 3.9G Sep 16 04:09 boot.log
-rw-rw-r-- 1 root utmp 4.2K Sep 16 17:48 wtmp
-rw-r--r-- 1 root root 144K Sep 16 17:48 lastlog
-rw------- 1 root root 11K Sep 16 18:01 system-usawsnet01.log
-rw------- 1 root root 141M Sep 16 18:14 system-10.50.10.1.log
-rw------- 1 root root 5.2G Sep 16 18:14 system-10.0.1.5.log
-rw------- 1 root root 5.8G Sep 16 18:14 system-10.70.10.1.log
-rw------- 1 root root 5.2G Sep 16 18:14 system-10.10.200.1.log
Finalmente, aqui está o arquivo de configuração base logrotate, caso isso ajude:
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
minsize 1M
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}
# system-specific logs may be also be configured here.
Eu tentei remover o curinga e removi o /var/lib/logrotate.status para começar de novo, mas nada parece acionar a rotação desses registros.