It seems that rsyslog was not handling the params to savelog as I would have expected.
/usr/bin/savelog -pc 3 /var/log/messages ended up being /usr/bin/savelog '-pc 3 /var/log/messages', which is not a file that exists. Also /var/log needed to be owned by the PrivDropToUser. FWIW strace -fp rsyslogd -c5 -dn 2>&1 |tee rsyslogd.debug wait for the file to not rotate, then kill rsyslogd and look for errors: grep -B 1 ENO rsyslogd.debug Was very helpful in finding the problem. On Fri, Oct 28, 2011 at 3:45 PM, Gregory K. Ruiz-Ade <[email protected]> wrote: > On Oct 28, 2011, at 9:07 AM, Michael Hale wrote: > >> I'm running on Ubuntu 10.04 LTS without SELinux and rsyslog-5.6.5. >> Just for grins I disabled PrivDropToUser and PrivDropToGroup so >> rsyslog is running as root, but that configuration is still unable to >> rotate the logfiles. I'll try updating to the latest stable: 5.8.6 and >> see if that helps. > > > For Ubuntu, the thing to look at is AppArmor. There are some reasonably good > docs on Ubuntu's site and the Ubuntu Community site, otherwise start digging > through /etc/apparmor.d for anything related to syslog or rsyslog. > > Gregory > > -- > Gregory K. Ruiz-Ade <[email protected]> > OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu > > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
