I am trying to find out why logrotate is only rotating a subset of logfiles in a folder when run without the --force
flag. The man page for logrotate --force
simply says:
Tells logrotate to force the rotation, even if it doesn't think this is necessary. Sometimes this is useful after adding new entries to a logrotate config file, or if old log files have been removed by hand, as the new files will be created, and logging will continue correctly.
My current theory is that this is related to file age, as the unrotated files are written by a different application that resets log file ctime on each write.
The /etc/logrotate.d/
configuration file is as follows:
"/var/log/web_app/*.log" {
su www-data www-data
daily
rotate 21
maxsize 2G
compress
dateext
copytruncate
delaycompress
missingok
}
The logrotate.status
file shows (note only cgi.log
has actually been rotated):
"/var/log/web_app/cgi.log" 2019-2-11-6:25:34
"/var/log/web_app/api.log" 2019-2-11-6:0:0
"/var/log/web_app/db.log" 2019-2-11-6:0:0
And logrotate --debug
reports:
rotating pattern: "/var/log/web_app/*.log" after 1 days (21 rotations)
empty log files are rotated, log files >= 2147483648 are rotated earlier, old logs are removed
switching euid to 33 and egid to 33
considering log /var/log/web_app/api.log
log does not need rotating
considering log /var/log/web_app/db.log
log does not need rotating
considering log /var/log/web_app/cgi.log
log does not need rotating
switching euid to 0 and egid to 0
head /var/log/web_app/api.log
shows that this log file has not been rotated (3 days old at time of writing):
2019-02-08 16:50:54,492 - general (Process1-MainThread) - INFO - Starting instance of WEB_APP
stat
on the same file shows:
File: '/var/log/web_app/api.log'
Size: 6307 Blocks: 16 IO Block: 4096 regular file
Device: ca11h/51729d Inode: 751580 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 33/www-data) Gid: ( 33/www-data)
Access: 2019-02-11 13:17:46.639667970 +0000
Modify: 2019-02-11 09:16:43.779964966 +0000
Change: 2019-02-11 09:16:43.779964966 +0000
Birth: -