How is my logrotate script different from the logrotate script in /etc/cron.daily/logrotate? They are both executed by cron, so they should have the same permissions. Does it make a difference between /var/log/messages and /syslog_data/logs/*/*.log that the former is generated by rsyslog routing messages under a selector/filter to it and the latter is a defined dynamic file?
-ABB On Tue, Jun 2, 2020 at 10:45 AM Rainer Gerhards <[email protected]> wrote: > Sounds like logrotate has no permission to send hup to rsyslog process... > > Rainer > > Sent from phone, thus brief. > > Anthony Benitez Borges via rsyslog <[email protected]> schrieb am > Di., 2. Juni 2020, 16:29: > >> I have some switches/firewalls sending logs to my logging server through >> both TCP/UDP and I have noticed that whenever these logs are rotated, the >> dynamic files are not generated when logrotate sends a HUP signal to >> rsyslog. >> >> I have the following rsyslog ruleset that is applied to the inputs for the >> imudp and imtcp modules: >> ---------------------------------------------------- >> template(name="remote_log_path" type="string" >> string="/syslog_data/logs/%fromhost-ip%/%fromhost-ip%.syslog.log") >> >> ruleset(name="remote_logging_rules") { >> # filter junk messages using if-statement >> action( >> type="omfile" >> dynaFile="remote_log_path" >> dirOwner="root" >> dirGroup="root" >> dirCreateMode="0700" >> fileOwner="root" >> fileGroup="root" >> fileCreateMode="0600" >> dynaFileCacheSize="50" >> asyncWriting="on" >> flushOnTXEnd="off" >> ioBufferSize="64k" >> ) >> stop >> } >> >> module(load="imudp") >> module(load="imtcp") >> >> input(type="imudp" port="514" ruleset="remote_logging_rules") >> input(type="imtcp" port="514" ruleset="remote_logging_rules") >> ---------------------------------------------------- >> >> I have a script under /etc/cron.daily that executes logrotate using the >> following file: >> ---------------------------------------------------- >> /syslog_data/logs/*/*.log { >> notifempty >> rotate 4 >> size 10M >> olddir /syslog_data/archive >> compress >> sharedscripts >> postrotate >> /bin/kill -HUP `cat /var/run/rsyslog.pid 2> /dev/null` 2> >> /dev/null >> || true >> endscript >> } >> ---------------------------------------------------- >> >> If I send the HUP signal myself, then rsyslog proceeds to generate the >> files, but not when sent by logrotate. The devices sending logs are >> constantly sending logs (every minute), so I know the issue is not that >> they are not sending logs and therefore rsyslog doesn't generate a new >> file. How can I fix this? >> >> Thank you! >> -ABB >> _______________________________________________ >> rsyslog mailing list >> https://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> > _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
