发表新帖
发表新帖

logrotate cron job not rotating certain logs

后端 未结
关注
6 944
生来不讨喜
生来不讨喜 2021-02-05 14:01

I added two scripts in \"logrotate.d\" directory for my application logs to be rotated. This is the config for one of them:

 {
  compress
相关标签:
6条回答
  • 情书的邮戳
    2021-02-05 14:37

    Just to generalize the above and make sure same SELinux context is properly set for all future files:

    semanage fcontext -a -t var_log_t "<directory>(/.*)?"
restorecon -v <directory>
    0 讨论(0)
  • 不要未来只要你来
    2021-02-05 14:38

    I have seen this issue with SELINUX disabled and this was because the parent directory of log file being rotated has global write-permission which is not welcomed by logrotate

    error: skipping "/xxx/yyy/log/logfile.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

    chmod the parent directory to 755 solved the issue

    # logrotate --version
logrotate 3.8.6
    0 讨论(0)
  • 有刺的猬
    2021-02-05 14:43

    I've recently encountered a similar SELinux-related issue with logrotate not operating on files as expected, which occurred when the logs to be rotated were on an NFS share.

    In this case setting the logrotate_use_nfs seboolean seemed to fix the problem, e.g.

    $ setsebool logrotate_use_nfs 1
$ getsebool logrotate_use_nfs
logrotate_use_nfs --> on
    0 讨论(0)
  • 庸人自扰
    2021-02-05 14:44

    SELinux was restricting the access to logrotate on log files in directories which does not have the required SELinux file context type. "/var/log" directory has "var_log_t" file context, and logrotate was able to do the needful. So the solution was to set this on my application log files and it's parent directory:

    semanage fcontext -a -t var_log_t <directory/logfile>
restorecon -v <directory/logfile>
    0 讨论(0)
  • 北恋
    2021-02-05 14:49

    SELinux is preventing /usr/sbin/logrotate from read access on the directory sites.

    ***** Plugin catchall (100. confidence) suggests ***************************

    If you believe that logrotate should be allowed read access on the sites directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:

    # grep logrotate /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
    0 讨论(0)
  • 萌比男神i
    2021-02-05 14:53

    I had a similar problem. To resolve this, I first checked the status of SELinux using the sestatus command:

    # sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

    Then, check the SELinux security context applied to files and directories using ls --scontext. Check the files you want logrotate to operate on, and check files that are working, such as /var/log/maillog:

    # ls --scontext /var/log/maillog*
system_u:object_r:var_log_t:s0   /var/log/maillog
system_u:object_r:var_log_t:s0   /var/log/maillog-20140713
system_u:object_r:var_log_t:s0   /var/log/maillog-20140720
system_u:object_r:var_log_t:s0   /var/log/maillog-20140727
system_u:object_r:var_log_t:s0   /var/log/maillog-20140803

    Use semanage to change the file context.

    semanage fcontext -a -t var_log_t <directory/logfile>
restorecon -v <directory/logfile>
    0 讨论(0)
 看不清?
提交回复
热议问题