2

I'm running CentOS6 and I configured rsyslog to monitor my iptables warning messages and dump them in /var/log/iptables.log. I went through my logrotate.d/syslog file and added iptables.log so logrotate would pick up and rotate the logs. The file looks like this:

/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/iptables.log
{
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

However, when I run logrotate -f -v logrotate.conf to trigger a force roll, the iptables.log file doesn't roll. To make logrotate not barf on the iptables file, I created a iptables.log-20121014 file.

My output when I run the command looks like this:

rotating log /var/log/iptables.log, log->rotateCount is 4
dateext suffix '-20121021'

I'm flummoxed. How do I get logrotate to roll the file? I'm not 100% sure if I configured it correctly, but I don't know enough to be certain if that's the case.

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
FloppyDisk
  • 123
  • 1
  • 4

1 Answers1

4

I believe a more effective solution would be to actually create a specific logrotate instance for iptables instead of adding it directly to your syslog logrotate instance.

Do this by:

$ touch /etc/logrotate.d/iptables

Now, configure the logrotation as you'd like, an example would be the following (You may find all options HERE (logrotate.conf):

$ vi iptables
/var/log/iptables.log {
missingok
notifempty
size 30k
create 0600 root root
postrotate
    /etc/rc.d/init.d/rsyslog restart ; sleep 5
endscript
}

This should provide the functionality you're searching for.

reflexiv
  • 276
  • 1
  • 9
rwc
  • 316
  • 1
  • 7