logrotate cron job not rotating certain logs

I added two scripts in "logrotate.d" directory for my application logs to be rotated. This is the config for one of them:

<myLogFilePath> {
  compress
  copytruncate
  delaycompress
  dateext
  missingok
  notifempty
  daily
  rotate 30
}

There is a "logrotate" script in "cron.daily" directory (which seems to be running daily as per cron logs):

#!/bin/sh

echo "logrotate_test" >>/tmp/logrotate_test
#/usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1
/usr/sbin/logrotate -v /etc/logrotate.conf &>>/root/logrotate_error

EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0

The first echo statement is working.
But I find my application logs alone are not getting rotated, whereas other logs like httpd are getting rotated.
And I also don't see any output in the mentioned "logrotate_error" file (has write permission for all users).

However the syslog says: "logrotate: ALERT exited abnormally with [1]"

But when I run the same "logrotate" script in "cron.daily" manually, everything seems to work fine.

Why is it not rotating during daily cron schedule? Am I doing something wrong here?
It would be great if I get this much needed help.

UPDATED: It looks like it's because of SELinux - the log files in my user home directory have restrictions imposed by SELinux, and when the logrotate script is run:

SELinux is preventing /usr/sbin/logrotate from getattr access on the file /home/user/logs/application.log
Carpospore answered 27/3, 2013 at 5:49 Comment(0)
C
17

SELinux was restricting logrotate's access to log files in directories which do not have the required SELinux file context type. The "/var/log" directory has the "var_log_t" file context, and logrotate was able to do the needful. So the solution was to set this on my application log files and their parent directory:

semanage fcontext -a -t var_log_t <directory/logfile>
restorecon -v <directory/logfile>
Carpospore answered 24/5, 2013 at 18:19 Comment(0)
C
9

I had a similar problem. To resolve this, I first checked the status of SELinux using the sestatus command:

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Then, check the SELinux security context applied to files and directories using ls --scontext. Check the files you want logrotate to operate on, and check files that are working, such as /var/log/maillog:

# ls --scontext /var/log/maillog*
system_u:object_r:var_log_t:s0   /var/log/maillog
system_u:object_r:var_log_t:s0   /var/log/maillog-20140713
system_u:object_r:var_log_t:s0   /var/log/maillog-20140720
system_u:object_r:var_log_t:s0   /var/log/maillog-20140727
system_u:object_r:var_log_t:s0   /var/log/maillog-20140803

Use semanage to change the file context.

semanage fcontext -a -t var_log_t <directory/logfile>
restorecon -v <directory/logfile>
Consignment answered 5/8, 2014 at 16:43 Comment(1)
I think this answer is a duplicate of https://mcmap.net/q/720516/-logrotate-cron-job-not-rotating-certain-logs that was posted previously, adding just more useful context. In the future, feel free to add this useful context directly in already existing answers. I don't know what should happen in these cases, but I've upvoted this answer since it gives more context. – Wellworn
S
4

Just to generalize the above and make sure the same SELinux context is properly set for all future files:

semanage fcontext -a -t var_log_t "<directory>(/.*)?"
restorecon -v <directory>
Simplify answered 29/4, 2015 at 9:20 Comment(0)
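
Before relabelling anything, it helps to see exactly which files logrotate was denied on and what type they currently carry. The following is an added example, not part of any answer in this thread: it summarises logrotate AVC denials from audit-log text. The function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): summarise SELinux AVC denials
# for logrotate. Reads audit-log text on stdin and prints one line per unique
# denial as: <permission> <tclass> <target type> <path or name>
logrotate_denials() {
    awk '
    /avc:/ && /denied/ && /comm="logrotate"/ {
        perm = "?"; target = "?"; ttype = "?"; tclass = "?"
        # The denied permission(s) sit between "{ " and " }".
        a = index($0, "{ "); b = index($0, " }")
        if (a && b > a) perm = substr($0, a + 2, b - a - 2)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(path|name)=/) {
                target = $i
                sub(/^[a-z]+=/, "", target); gsub(/"/, "", target)
            } else if ($i ~ /^tcontext=/) {
                split($i, ctx, ":"); ttype = ctx[3]   # user:role:TYPE:level
            } else if ($i ~ /^tclass=/) {
                tclass = substr($i, 8)
            }
        }
        line = perm " " tclass " " ttype " " target
        if (!(line in seen)) { seen[line] = 1; print line }   # de-duplicate
    }'
}

# Constructed sample records (not real log data): two identical logrotate
# denials on a file, one on a directory, and one unrelated httpd denial.
sample_audit_lines() {
    cat <<'EOF'
type=AVC msg=audit(1364363340.101:410): avc:  denied  { getattr } for  pid=2101 comm="logrotate" path="/home/user/logs/application.log" dev=dm-0 ino=131 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1364449740.207:532): avc:  denied  { getattr } for  pid=3307 comm="logrotate" path="/home/user/logs/application.log" dev=dm-0 ino=131 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1364449741.310:533): avc:  denied  { read } for  pid=3307 comm="logrotate" name="sites" dev=dm-0 ino=977 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1364449800.001:540): avc:  denied  { write } for  pid=900 comm="httpd" name="cache" dev=dm-0 ino=55 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
EOF
}

sample_audit_lines | logrotate_denials
```

On a live system, feed it the same input the audit2allow answer below uses: `grep logrotate /var/log/audit/audit.log | logrotate_denials`. The third column is the type to compare against `var_log_t` when deciding which dedicated log directories need an fcontext rule.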
K
2

I've recently encountered a similar SELinux-related issue with logrotate not operating on files as expected, which occurred when the logs to be rotated were on an NFS share.

In this case setting the logrotate_use_nfs seboolean seemed to fix the problem, e.g.

$ setsebool logrotate_use_nfs 1
$ getsebool logrotate_use_nfs
logrotate_use_nfs --> on
Knur answered 22/10, 2018 at 9:15 Comment(0)
R
1

I have seen this issue with SELinux disabled, and this was because the parent directory of the log file being rotated has global write permission, which is not welcomed by logrotate:

error: skipping "/xxx/yyy/log/logfile.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

Running chmod on the parent directory to set it to 755 solved the issue.

# logrotate --version
logrotate 3.8.6
Resnatron answered 17/5, 2016 at 12:53 Comment(0)
G
1

SELinux is preventing /usr/sbin/logrotate from read access on the directory sites.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that logrotate should be allowed read access on the sites directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access.
Do
allow this access for now by executing:

# grep logrotate /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Guinna answered 8/3, 2017 at 19:9 Comment(1)
Where is this taken from? Could you please add it? I've Googled this and I see lots of messages similar to this, but I can't find the source. Is this the default message that SELinux gives? – Toponym
