Rsyslog rotates, but still logging to old log
Server: Ubuntu Server 14.04
I have a Watchguard Firebox logging to a server. It is supposed to rotate daily, however, when the rotate occurs, it doesn't write to the new log. It keeps writing to the previous one.
The config in /etc/logrotate.d/
/var/log/watchguard
{
rotate 14
daily
missingok
create 640 syslog adm
compress
delaycompress
sharedscripts
su root syslog
postrotate
/usr/sbin/service rsyslog reload >/dev/null 2>&1 || true
endscript
}
As you can see, the rotates are occurring, but the newest log is not being written to:
-rw-r----- 1 syslog adm 20 Jan 17 02:30 watchguard.3.gz
-rw-r----- 1 syslog adm 20 Jan 18 02:30 watchguard.2.gz
-rw-r----- 1 syslog adm 0 Jan 20 02:30 watchguard <---- SHOULD CONTAIN DATA
-rw-r----- 1 syslog adm 3.0G Jan 20 10:34 watchguard.1 <--- ROTATED, BUT STILL GETTING DATA
It's as if it doesn't care about the name of the file. It just keeps on writing. Is the syntax of my logrotate
configuration incorrect?
Solution 1:
I removed the postrotate
script altogether, and added copytruncate
. Checked the logs for the past couple of days, and it's rotating, and using the latest log. If there's a better way, someone is more than welcome to chime in, but this is working for me.
/var/log/watchguard
{
rotate 14
daily
missingok
create 640 syslog adm
compress
delaycompress
su root syslog
copytruncate
}
Working just fine!
-rw-r----- 1 syslog adm 336M Jan 27 02:34 watchguard.2.gz
-rw-r----- 1 syslog adm 5.2G Jan 28 02:34 watchguard.1
-rw-r----- 1 syslog adm 950M Jan 28 08:02 watchguard