Logrotate not working on for logs created by rsyslog

Latest response

I'm running a rhel7 server and I have a rsyslog logrotate config file that doesn't seem to run using cron job. It will only work if i run it manually

Troubleshooting steps i took:
1, logrotate -df /etc/logrotate.d/rsyslog
Result: Able to log rotate successfully

  1. run-parts /etc/cron.daily
    Result: Able to log rotate successfully (Verify by looking at timestamp of cron log in /var/log/cron)
    Jun 6 15:42:19 server run-parts(/etc/cron.daily)[144143]: starting logrotate
    Jun 6 15:49:26 server run-parts(/etc/cron.daily)[146078]: finished logrotate

However, the problem is if i let it run normally by itself it does not seem to rotate. However, it does the rotation for other config file (e.g syslog)

Based on the behavior above, I came to a conclusion that
1. my config file is working
2. should be a SELINUX permissioning issue that is stopping my logrotate

However, i ran the command "ls -Zd" on the files to be rotated, as well as their parent folders but i do not see any issue with the permissioning. All of the logs are tagged with var_log_t.

Any idea how can i troubleshoot further?

KW
Log in to join the conversation

Responses

KW Newbie 12 points
16 June 2016 4:50 AM

Adding on, i ran "aureport -a" and got the following messages:

  1. 06/13/2016 03:20:01 logrotate system_u:system_r:logrotate_t:s0-s0:c0.c1023 257 dir read unconfined_u:object_r:unlabeled_t:s0 denied 2350
  2. 06/14/2016 03:07:01 logrotate system_u:system_r:logrotate_t:s0-s0:c0.c1023 257 dir read unconfined_u:object_r:unlabeled_t:s0 denied 2988
  3. 06/15/2016 03:16:01 logrotate system_u:system_r:logrotate_t:s0-s0:c0.c1023 257 dir read unconfined_u:object_r:unlabeled_t:s0 denied 3591
LC Newbie 19 points
4 August 2018 7:11 PM

logrotaion is not working in rhel7 ,we are suspecting issue w.r.t to selinux ,we are expecting the solution to fix this issue,because of this cron jobs are not working on server

Please share me the troubleshooting steps or solution.

SM Guru 3716 points
7 August 2018 5:21 PM

Does this means that you could rotate logs by using force option, however, it doesn't gets rotated by system which is supposed to be? How do you suspect that it could be because of SELinux? Have you tried rotating logs in debug mode to check for any syntax errors? Have you verified required SELinux context tags are set for your customized logs?

Please check the following links: How to debug logrotate warnings or errors when logrotate is not running correctly logrotate is not rotating files in custom location

The later link gives details about what should be SELinux context tag for logs to get rotated when SELinux in enforcing mode, and how to set if that is not set properly.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.