To test if it is a permission issue, I moved my logrotate script under /etc/logrotate.d/ (there is another script here that rotates /var/log/messages and other logs under /var/log/ which is where I originally found the execution of the HUP signal to rsyslog), and made sure that the permissions and ownership of my file matched every other file in the directory. When I execute the script that reads from /etc/logrotate.d/ (/etc/cron.daily/logrotate), the dynamic files are not generated, while files under /var/log/ are being rotated and generated appropriately.
If I run the same command that is being used in these other logrotate scripts: /bin/kill -HUP `cat /var/run/rsyslog.pid 2> /dev/null` 2> /dev/null manually in the CLI, only then do the dynamic files are generated. The file matches in permission, ownership, and location other files that are shown to work and when executing logrotate on the single script and seeing the process that handles the execution, the effective UID for the process is root. Which is why I asked if there is a difference between dynamic files from messages received through imudp/imtcp modules and routing local messages by selectors, because it seems that that is the only difference. On Tue, Jun 2, 2020 at 11:36 AM Rainer Gerhards <[email protected]> wrote: > The question is as which user it is executed? Does that user have > permissions to send HUP to the rsyslog process, which may run as > another user. > > When you say "one works, one other not" it smells strongly like > permission issues.... > > Rainer > > El mar., 2 jun. 2020 a las 17:17, Anthony Benitez Borges > (<[email protected]>) escribió: > > > > How is my logrotate script different from the logrotate script in > /etc/cron.daily/logrotate? They are both executed by cron, so they should > have the same permissions. Does it make a difference between > /var/log/messages and /syslog_data/logs/*/*.log that the former is > generated by rsyslog routing messages under a selector/filter to it and the > latter is a defined dynamic file? > > > > -ABB > > > > On Tue, Jun 2, 2020 at 10:45 AM Rainer Gerhards < > [email protected]> wrote: > >> > >> Sounds like logrotate has no permission to send hup to rsyslog > process... > >> > >> Rainer > >> > >> Sent from phone, thus brief. > >> > >> Anthony Benitez Borges via rsyslog <[email protected]> schrieb > am Di., 2. Juni 2020, 16:29: > >>> > >>> I have some switches/firewalls sending logs to my logging server > through > >>> both TCP/UDP and I have noticed that whenever these logs are rotated, > the > >>> dynamic files are not generated when logrotate sends a HUP signal to > >>> rsyslog. > >>> > >>> I have the following rsyslog ruleset that is applied to the inputs for > the > >>> imudp and imtcp modules: > >>> ---------------------------------------------------- > >>> template(name="remote_log_path" type="string" > >>> string="/syslog_data/logs/%fromhost-ip%/%fromhost-ip%.syslog.log") > >>> > >>> ruleset(name="remote_logging_rules") { > >>> # filter junk messages using if-statement > >>> action( > >>> type="omfile" > >>> dynaFile="remote_log_path" > >>> dirOwner="root" > >>> dirGroup="root" > >>> dirCreateMode="0700" > >>> fileOwner="root" > >>> fileGroup="root" > >>> fileCreateMode="0600" > >>> dynaFileCacheSize="50" > >>> asyncWriting="on" > >>> flushOnTXEnd="off" > >>> ioBufferSize="64k" > >>> ) > >>> stop > >>> } > >>> > >>> module(load="imudp") > >>> module(load="imtcp") > >>> > >>> input(type="imudp" port="514" ruleset="remote_logging_rules") > >>> input(type="imtcp" port="514" ruleset="remote_logging_rules") > >>> ---------------------------------------------------- > >>> > >>> I have a script under /etc/cron.daily that executes logrotate using the > >>> following file: > >>> ---------------------------------------------------- > >>> /syslog_data/logs/*/*.log { > >>> notifempty > >>> rotate 4 > >>> size 10M > >>> olddir /syslog_data/archive > >>> compress > >>> sharedscripts > >>> postrotate > >>> /bin/kill -HUP `cat /var/run/rsyslog.pid 2> /dev/null` 2> > /dev/null > >>> || true > >>> endscript > >>> } > >>> ---------------------------------------------------- > >>> > >>> If I send the HUP signal myself, then rsyslog proceeds to generate the > >>> files, but not when sent by logrotate. The devices sending logs are > >>> constantly sending logs (every minute), so I know the issue is not that > >>> they are not sending logs and therefore rsyslog doesn't generate a new > >>> file. How can I fix this? > >>> > >>> Thank you! > >>> -ABB > >>> _______________________________________________ > >>> rsyslog mailing list > >>> https://lists.adiscon.net/mailman/listinfo/rsyslog > >>> http://www.rsyslog.com/professional-services/ > >>> What's up with rsyslog? Follow https://twitter.com/rgerhards > >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > you DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
