Rsyslog rotates, but still logging to old log

Server: Ubuntu Server 14.04

I have a Watchguard Firebox logging to a server. It is supposed to rotate daily, however, when the rotate occurs, it doesn't write to the new log. It keeps writing to the previous one.

The config in /etc/logrotate.d/

/var/log/watchguard
{
    rotate 14
    daily
    missingok
    create 640 syslog adm
    compress
    delaycompress
    sharedscripts
    su root syslog
    postrotate
            /usr/sbin/service rsyslog reload >/dev/null 2>&1 || true
    endscript
}

As you can see, the rotates are occurring, but the newest log is not being written to:

-rw-r----- 1 syslog    adm        20 Jan 17 02:30 watchguard.3.gz
-rw-r----- 1 syslog    adm        20 Jan 18 02:30 watchguard.2.gz
-rw-r----- 1 syslog    adm         0 Jan 20 02:30 watchguard <---- SHOULD CONTAIN DATA
-rw-r----- 1 syslog    adm      3.0G Jan 20 10:34 watchguard.1 <--- ROTATED, BUT STILL GETTING DATA

It's as if it doesn't care about the name of the file. It just keeps on writing. Is the syntax of my logrotate configuration incorrect?


Solution 1:

I removed the postrotate script altogether, and added copytruncate. Checked the logs for the past couple of days, and it's rotating, and using the latest log. If there's a better way, someone is more than welcome to chime in, but this is working for me.

/var/log/watchguard
{
    rotate 14
    daily
    missingok
    create 640 syslog adm
    compress
    delaycompress
    su root syslog
    copytruncate
}

Working just fine!

-rw-r----- 1 syslog    adm      336M Jan 27 02:34 watchguard.2.gz
-rw-r----- 1 syslog    adm      5.2G Jan 28 02:34 watchguard.1
-rw-r----- 1 syslog    adm      950M Jan 28 08:02 watchguard