We have an AWS EC2 with Debian and logrotate
.
One day its root partition was exhausted and when I started investigating it – found, that we have a bunch of files like /var/log/syslog.N.gz
.
At the same time by default logrotate
creates a config file to rotate syslog
log files:
[simterm]
root@monitoring-dev:~# cat /etc/logrotate.d/syslog # Ansible managed /var/log/syslog { size 10M rotate 1 daily ... }
[/simterm]
Thus, we must have only files syslog
+ syslog.1
, but instead:
[simterm]
root@monitoring-dev:~# ll /var/log/ | grep syslog -rw-r----- 1 root adm 11925 Oct 9 09:26 syslog -rw-r----- 1 root adm 361150 Oct 9 06:25 syslog.1 -rw-r----- 1 root adm 7712 Oct 8 06:25 syslog.2.gz -rw-r----- 1 root adm 7562 Oct 7 06:25 syslog.3.gz -rw-r----- 1 root adm 7832 Oct 6 06:25 syslog.4.gz -rw-r----- 1 root adm 7720 Oct 5 06:25 syslog.5.gz -rw-r----- 1 root adm 7641 Oct 4 06:25 syslog.6.gz -rw-r----- 1 root adm 8072 Oct 3 06:25 syslog.7.gz
[/simterm]
Let’s check – run logrotate
with the --debug
option:
[simterm]
root@monitoring-dev:~# logrotate -d /etc/logrotate.conf reading config file /etc/logrotate.conf error: /etc/logrotate.conf:5 unknown group 'syslog' removing last 0 log configs
[/simterm]
unknown group ‘syslog’
And here is our error.
The error appears because of the fact that Debian OS has no syslog
users group, but instead it has an adm
group which is the default user group for log-files.
Check the /etc/logrotate.conf
content:
# Ansible managed # see "man logrotate" for details weekly su root syslog ...
And check existing users groups:
[simterm]
root@monitoring-dev:~# cat /etc/group root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4:admin ...
[/simterm]
Replace syslog
with adm
:
# Ansible managed # see "man logrotate" for details weekly su root adm ...
And check again:
[simterm]
root@monitoring-dev:~# logrotate -d /etc/logrotate.conf reading config file /etc/logrotate.conf including /etc/logrotate.d reading config file apt reading config file certbot reading config file chrony reading config file daemonlog reading config file dpkg reading config file exim4-base reading config file exim4-paniclog reading config file nginx reading config file rsyslog reading config file syslog reading config file unattended-upgrades Reading state from file: /var/lib/logrotate/status Allocating hash table for state file, size 64 entries ...
[/simterm]
Done.