Historically, on many systems, logrotate is being ran from a daily cron job. Many tutorials still presume that, for instance HowTo: The Ultimate Logrotate Command Tutorial with 10 Examples.
I still thought it would and after writing On OpenSuSE, when adding Apache vhosts with their own log files don’t forget to update your logrotate configuration I was anxious to see when logrotate would run the second time.
So I tried finding it in the cron.daily and it wasn’t there.
OpenSuSE 13.2 changed how logrotate is inficated: from there on (including both Tumbleweed and LEAP) logrotate is ran from the systemd service:
logrotate is a systemd service in 13.2 (/usr/lib/systemd/system/logrotate.service) and it is run periodically by a systemd timer (not cron).
Have a look at /usr/lib/systemd/system/logrotate.timer and “man systemd.timer”.
You can view the status of the logrotate.timer that fires it every day:
systemctl status logrotate.timerIt triggers logrotate and reads the config in /etc/logrotate.conf for basic global settings and then files in /etc/logrotate.d/* for custom settings for specific files.
Which means you should not mess around with files in /etc/logrotate.d/ as each file there will be processed. So don’t leave around backup files ending in a tilde (~) or DEADJOE as it causes trouble:
Jul 07 00:00:02 revue logrotate[16121]: error: DEADJOE:5 lines must begin with a keyword or a filename (possibly in double quotes)
Jul 07 00:00:02 revue logrotate[16121]: error: DEADJOE:6 missing '{' after log files definition
Jul 07 00:00:02 revue logrotate[16121]: error: found error in file DEADJOE, skipping
There’s more you can do do debug logrotate behaviour
The below tips are all based on this thread: [Bug 913421] logrotate not running after update from 13.1 to 13.2
Show if the timer is there and counting:
# systemctl list-timers --all NEXT LEFT LAST PASSED UNIT ACTIVATES Fri 2016-07-08 00:00:00 CEST 5h 24min left Thu 2016-07-07 00:00:02 CEST 18h ago logrotate.timer logrotate.service Fri 2016-07-08 17:51:53 CEST 23h left Thu 2016-07-07 17:51:53 CEST 43min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service 2 timers listed.
Show the status of the logrotate service itself:
# systemctl status logrotate.service --full
● logrotate.service - Rotate log files
Loaded: loaded (/usr/lib/systemd/system/logrotate.service; static; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2016-07-07 00:00:02 CEST; 18h ago
Docs: man:logrotate(8)
man:logrotate.conf(5)
Process: 16121 ExecStart=/usr/sbin/logrotate /etc/logrotate.conf (code=exited, status=1/FAILURE)
Main PID: 16121 (code=exited, status=1/FAILURE)
Jul 07 00:00:02 revue logrotate[16121]: error: DEADJOE:5 lines must begin with a keyword or a filename (possibly in double quotes)
Jul 07 00:00:02 revue logrotate[16121]: error: DEADJOE:6 missing '{' after log files definition
Jul 07 00:00:02 revue logrotate[16121]: error: found error in file DEADJOE, skipping
Jul 07 00:00:02 revue logrotate[16121]: error: skipping "/var/log/squidGuard/squidGuard.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Jul 07 00:00:02 revue logrotate[16121]: compress_ext is /usr/bin/xz
Jul 07 00:00:02 revue logrotate[16121]: compress_ext was changed to .xz
Jul 07 00:00:02 revue systemd[1]: logrotate.service: Main process exited, code=exited, status=1/FAILURE
Jul 07 00:00:02 revue systemd[1]: Failed to start Rotate log files.
Jul 07 00:00:02 revue systemd[1]: logrotate.service: Unit entered failed state.
Jul 07 00:00:02 revue systemd[1]: logrotate.service: Failed with result 'exit-code'.
The bottom lines are from journalctl -u logrotate which can show more information.
In this case, fixing both issues was easy: remove DEADJOE and correct the permissions on this empty directory:
# ls -al /var/log/squidGuard/ total 0 drwxrwx--- 1 squid squid 0 Jun 16 21:08 . drwxr-xr-x 1 root root 962 Jul 6 17:36 .. # chmod 750 /var/log/squidGuard/ # ls -al /var/log/squidGuard/ total 0 drwxr-x--- 1 squid squid 0 Jun 16 21:08 . drwxr-xr-x 1 root root 962 Jul 6 17:36 ..
If you can’t wait for the timer to fire at midnight, you can invoke the logrotate service manually (after that wait until it is finished then do something like du -csh /var/log/* or list the files):
# systemctl start logrotate.service
–jeroen
via:
Filed under: *nix, Linux, logrotate, openSuSE, Power User, SuSE Linux, Tumbleweed
