logrotate says it's running but it's not

Question

I have just set this box up as a log server so I can forward to a SIEM but the file is not rotating the way I expect.

/var/log/remote/*.log {
    daily
    dateext
    rotate 4
    compress
    delaycompress
}

If I run

/usr/sbin/logrotate -d /etc/logrotate.conf -fv

logrotate sees that it should rotate the logs

considering log /var/log/remote/logstash-prod.log
  log needs rotating
rotating log /var/log/remote/logstash-prod.log, log->rotateCount is 4
dateext suffix '-20151009'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
renaming /var/log/remote/logstash-prod.log to      /var/log/remote/logstash-prod.log-20151009
creating new /var/log/remote/logstash-prod.log mode = 0600 uid = 0 gid = 0

but never writes logstash-prod.log-20151009

How can I troubleshoot why this is happening?

I have disk space
I am running the command as root
/etc/logrotate.conf is the system supplied copy (AWS Linux 2015.09)

score 2 · Answer 1 · answered Oct 09 '15 at 13:42

2

RTFM helps, I assumed -d was to specify the directory containing the config. It's actually debug which is a dry run.

answered Oct 09 '15 at 13:42

TheFiddlerWins

2,999
1
15
22

logrotate says it's running but it's not

1 Answers1