0

/etc/logrotate.d/auth.conf is somnething I created manually. But there is a entry for /var/log/auth.log in /etc/logrotate.d/rsyslog as well.

Is there a conflict?

Do I have to remove auth.log entry from /etc/logrotate.d/rsyslog? I'm trying to manage auth.conf using puppet but I don't want to manage rsyslog using puppet yet.

/etc/logrotate.d/auth.conf content:

/var/log/auth.log {
  daily
  rotate 5
  compress
  create 0644 root adm
}

/etc/logrotate.d/rsyslog content:

/var/log/syslog
{
        rotate 7
        daily
        missingok
        notifempty
        delaycompress
        compress
        postrotate
                invoke-rc.d rsyslog reload > /dev/null
        endscript
}

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
        rotate 4
        weekly
        missingok
        notifempty
        compress
        delaycompress
        sharedscripts
        postrotate
                invoke-rc.d rsyslog reload > /dev/null
        endscript
}
user630702
  • 495
  • 10
  • 32

1 Answers1

0

There is no conflict, but there is a problem. Your config will cause auth.log to be rotated daily, without notifying rsyslog. As a consequence, rsyslog will keep writing to a deleted file for the remainder of the week, unless one of the rsyslog logs needs rotating sooner.

Gerard H. Pille
  • 2,569
  • 1
  • 13
  • 11
  • so I have to add `postrotate` and notify `rsyslog` in `auth.conf` right? – user630702 Jul 04 '20 at 11:52
  • Correct, but compare your config to the original, which has eg. delaycompress. Also, I'm not an avid user of logrotate, I prefer programs, like rsyslog, to handle their own rotation. It's quite simple to have rsyslog start a new log every day. – Gerard H. Pille Jul 04 '20 at 21:17