
I am trying to find out why logrotate is only rotating a subset of logfiles in a folder when run without the --force flag. The man page for logrotate --force simply says:

Tells logrotate to force the rotation, even if it doesn't think this is necessary. Sometimes this is useful after adding new entries to a logrotate config file, or if old log files have been removed by hand, as the new files will be created, and logging will continue correctly.

My current theory is that this is related to file age, as the unrotated files are written by a different application that resets log file ctime on each write.

The /etc/logrotate.d/ configuration file is as follows:

"/var/log/web_app/*.log" {
  su www-data www-data
  daily
  rotate 21
  maxsize 2G
  compress
  dateext
  copytruncate
  delaycompress
  missingok
}

The logrotate.status file shows (note only cgi.log has actually been rotated):

"/var/log/web_app/cgi.log" 2019-2-11-6:25:34
"/var/log/web_app/api.log" 2019-2-11-6:0:0
"/var/log/web_app/db.log" 2019-2-11-6:0:0

And logrotate --debug reports:

rotating pattern: "/var/log/web_app/*.log"  after 1 days (21 rotations)
empty log files are rotated, log files >= 2147483648 are rotated earlier, old logs are removed
switching euid to 33 and egid to 33
considering log /var/log/web_app/api.log
  log does not need rotating
considering log /var/log/web_app/db.log
  log does not need rotating
considering log /var/log/web_app/cgi.log
  log does not need rotating
switching euid to 0 and egid to 0

head /var/log/web_app/api.log shows that this log file has not been rotated (3 days old at time of writing):

2019-02-08 16:50:54,492 - general (Process1-MainThread) - INFO - Starting instance of WEB_APP

stat on the same file shows:

  File: '/var/log/web_app/api.log'
  Size: 6307        Blocks: 16         IO Block: 4096   regular file
Device: ca11h/51729d    Inode: 751580      Links: 1
Access: (0644/-rw-r--r--)  Uid: (   33/www-data)   Gid: (   33/www-data)
Access: 2019-02-11 13:17:46.639667970 +0000
Modify: 2019-02-11 09:16:43.779964966 +0000
Change: 2019-02-11 09:16:43.779964966 +0000
 Birth: -
TDN169

1 Answer


Whenever logrotate is determining whether a given file needs to be rotated, the --force flag makes it answer unconditionally "yes, this file is in need of rotating". It simply makes logrotate disregard the configured rotation triggers - note that age is not the only possible trigger, it works the same way for size.

If you know your rotation works with --force, but not without it, you likely want to proceed with --debug and without --force. You will get a line of explanation for every processed file. If you used --force you would not see the explanations, as they would be skipped (see findNeedRotating in logrotate.c).

The --force flag will not make logrotate do anything that it would not have been doing anyway if the log file had aged/filled up to trigger the configured rotate condition. You are only enforcing it to happen right now - potentially deleting the oldest file, so you usually want to avoid running it repeatedly.

anx
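To make the trigger evaluation described in the answer concrete, here is an added example (not part of the original post and not logrotate's own code) that parses the status lines quoted in the question and applies a simplified model of a `daily` + `maxsize 2G` stanza. It assumes the daily check compares the calendar date stored in logrotate.status with today's date; the real logic is in findNeedRotating and varies between versions, and the function names and `now` values are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: the three logrotate.status lines quoted in the question.
STATUS = '''\
"/var/log/web_app/cgi.log" 2019-2-11-6:25:34
"/var/log/web_app/api.log" 2019-2-11-6:0:0
"/var/log/web_app/db.log" 2019-2-11-6:0:0
'''

# Status entries are: "path" year-month-day-hour:min:sec (fields not zero-padded).
ENTRY = re.compile(r'^"([^"]+)"\s+(\d+)-(\d+)-(\d+)-(\d+):(\d+):(\d+)$')


def parse_status(text):
    """Return {path: datetime recorded in the status file}."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # skips the version header and malformed lines
            entries[m.group(1)] = datetime(*map(int, m.groups()[1:]))
    return entries


def needs_rotating(recorded, now, size, maxsize=2 * 1024**3, force=False):
    """Hypothetical model of a 'daily' + 'maxsize 2G' stanza (assumption)."""
    if force:
        return True, "forced: triggers are not evaluated"
    if size >= maxsize:
        return True, "size reached maxsize"
    if recorded.date() != now.date():
        return True, "status date is an earlier day"
    return False, "status date is today"


if __name__ == "__main__":
    entries = parse_status(STATUS)
    # 'now' values are constructed; 6307 is the api.log size from the stat
    # output and is applied to every file here purely for illustration.
    for now in (datetime(2019, 2, 11, 13, 17), datetime(2019, 2, 12, 6, 25)):
        for path, recorded in sorted(entries.items()):
            for force in (False, True):
                verdict = needs_rotating(recorded, now, 6307, force=force)
                print(now.date(), path, f"force={force}", verdict)
```

Comparing the recorded date for each file against the date of the run is a quick way to see which trigger, if any, a non-forced run would evaluate as met.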