logrotate cron job not rotating certain logs

后端 未结 6 983
生来不讨喜
生来不讨喜 2021-02-05 14:01

I added two scripts in \"logrotate.d\" directory for my application logs to be rotated. This is the config for one of them:

 {
  compress
           


        
相关标签:
6条回答
  • 2021-02-05 14:37

    Just to generalize the above and make sure same SELinux context is properly set for all future files:

    semanage fcontext -a -t var_log_t "<directory>(/.*)?"
    restorecon -v <directory>
    
    0 讨论(0)
  • I have seen this issue with SELINUX disabled and this was because the parent directory of log file being rotated has global write-permission which is not welcomed by logrotate

    error: skipping "/xxx/yyy/log/logfile.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    

    chmod the parent directory to 755 solved the issue

    # logrotate --version
    logrotate 3.8.6
    
    0 讨论(0)
  • 2021-02-05 14:43

    I've recently encountered a similar SELinux-related issue with logrotate not operating on files as expected, which occurred when the logs to be rotated were on an NFS share.

    In this case setting the logrotate_use_nfs seboolean seemed to fix the problem, e.g.

    $ setsebool logrotate_use_nfs 1
    $ getsebool logrotate_use_nfs
    logrotate_use_nfs --> on
    
    0 讨论(0)
  • 2021-02-05 14:44

    SELinux was restricting the access to logrotate on log files in directories which does not have the required SELinux file context type. "/var/log" directory has "var_log_t" file context, and logrotate was able to do the needful. So the solution was to set this on my application log files and it's parent directory:

    semanage fcontext -a -t var_log_t <directory/logfile>
    restorecon -v <directory/logfile>
    
    0 讨论(0)
  • 2021-02-05 14:49

    SELinux is preventing /usr/sbin/logrotate from read access on the directory sites.

    ***** Plugin catchall (100. confidence) suggests ***************************

    If you believe that logrotate should be allowed read access on the sites directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:

    # grep logrotate /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp
    
    0 讨论(0)
  • 2021-02-05 14:53

    I had a similar problem. To resolve this, I first checked the status of SELinux using the sestatus command:

    # sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy version:                 24
    Policy from config file:        targeted
    

    Then, check the SELinux security context applied to files and directories using ls --scontext. Check the files you want logrotate to operate on, and check files that are working, such as /var/log/maillog:

    # ls --scontext /var/log/maillog*
    system_u:object_r:var_log_t:s0   /var/log/maillog
    system_u:object_r:var_log_t:s0   /var/log/maillog-20140713
    system_u:object_r:var_log_t:s0   /var/log/maillog-20140720
    system_u:object_r:var_log_t:s0   /var/log/maillog-20140727
    system_u:object_r:var_log_t:s0   /var/log/maillog-20140803
    

    Use semanage to change the file context.

    semanage fcontext -a -t var_log_t <directory/logfile>
    restorecon -v <directory/logfile>
    
    0 讨论(0)
提交回复
热议问题