Centos logrotate found error, skipping

Question

One of our servers has a access_log which is nearly 5GB in size - there is currently no log rotation so I enabled it yesterday for httpd

The contents of /etc/logrotate.d/httpd is

/var/log/*.log {
    weekly
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /sbin/service httpd reload > /dev/null 2>/dev/null || true
    endscript
}

When logrotate runs it generates an error:

Anacron job 'cron.daily' on

/etc/cron.daily/logrotate:

error: found error in /var/log/*.log , skipping

I cannot see what the error might be as these all look like valid parameters - any idea what is the issue?

user9517 · Answer 1 · 2015-09-17T20:40:48.787

This is caused because of your /var/log/*.log which will create a duplicate entry that conflicts with the logs defined in one or more of the other files in /etc/logrotate.d/ for example dracut, syslog and others.

You can test this by running logrotate on the command line, this is the output I get if I use your httpd file on my CentOS 6.7 system

logrotate /etc/logrotate.conf
error: httpd:1 duplicate log entry for /var/log/dracut.log
error: found error in /var/log/*.log , skipping
other irrelevant output skipped.

I don't know how you have configured your httpd but the defaults for CentOS would be to write logs to /var/log/httpd/ so a common configuration for /etc/logrotate.d/httpd config would be

/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /sbin/service httpd reload > /dev/null 2>/dev/null || true
    endscript

If you have changed the default logging location for httpd, perhaps it would be easier to put it back as it was and then use the common config above.

If you can't then you're going to have to list the individual log files that you want rotating (which may be more work than you want)

/var/log/access_log
/var/log/error_log
/var/log/vhost1_access_log
and so on... {
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /sbin/service httpd reload > /dev/null 2>/dev/null || true
    endscript

I notice you are using *log and I used *.log - is that a typo? — bhttoan, Sep 18 '15 at 00:42

score -1 · Answer 2 · answered Sep 17 '15 at 10:50

Apache supports the concepts of piped logs

Apache httpd is capable of writing error and access log files through a pipe to another process, rather than directly to a file. This capability dramatically increases the flexibility of logging, without adding code to the main server. In order to write logs to a pipe, simply replace the filename with the pipe character "|", followed by the name of the executable which should accept log entries on its standard input. The server will start the piped-log process when the server starts, and will restart it if it crashes while the server is running. (This last feature is why we can refer to this technique as "reliable piped logging".)

Piped log processes are spawned by the parent Apache httpd process, and inherit the userid of that process. This means that piped log programs usually run as root. It is therefore very important to keep the programs simple and secure.

One important use of piped logs is to allow log rotation without having to restart the server. The Apache HTTP Server includes a simple program called rotatelogs for this purpose. For example, to rotate the logs every 24 hours, you can use:

CustomLog "|/usr/local/apache/bin/rotatelogs /var/log/access_log 86400" common

Please find the url for additional informaton:

http://httpd.apache.org/docs/current/logs.html

Hope it helps

Thanks

Sandeep

Centos logrotate found error, skipping

2 Answers2