IRGeekSauce asked:
Server: Ubuntu Server 14.04
I have a Watchguard Firebox logging to a server. It is supposed to rotate daily, however, when the rotate occurs, it doesn’t write to the new log. It keeps writing to the previous one.
The config in /etc/logrotate.d/
/var/log/watchguard
{
rotate 14
daily
missingok
create 640 syslog adm
compress
delaycompress
sharedscripts
su root syslog
postrotate
/usr/sbin/service rsyslog reload >/dev/null 2>&1 || true
endscript
}
As you can see, the rotates are occurring, but the newest log is not being written to:
-rw-r----- 1 syslog adm 20 Jan 17 02:30 watchguard.3.gz
-rw-r----- 1 syslog adm 20 Jan 18 02:30 watchguard.2.gz
-rw-r----- 1 syslog adm 0 Jan 20 02:30 watchguard <---- SHOULD CONTAIN DATA
-rw-r----- 1 syslog adm 3.0G Jan 20 10:34 watchguard.1 <--- ROTATED, BUT STILL GETTING DATA
It’s as if it doesn’t care about the name of the file. It just keeps on writing. Is the syntax of my logrotate configuration incorrect?
My answer:
You have specified to reload rsyslog after rotating the logs, but it is the service that writes the logs that must be reloaded.
View the full question and any other answers on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.