logrotate does not remove logs after the configured period

Solution In Progress - Updated -

Environment

  • Red Hat Enterprise Linux (RHEL) 7
  • Red Hat Enterprise Linux (RHEL) 8
  • logrotate

Issue

logrotate is not removing log files older than two days. The configuration is as follows:

/var/log/rsyslog-application/*.log {
    daily
    rotate 2
    notifempty
    nocreate
    dateext
    compress
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

Resolution

Remove the date stamp "-%$YEAR%%$MONTH%%$DAY%" from the file name in the template defined in /etc/rsyslog.conf:

From:
template(name="mytemplate" type="string" string="/var/log/rsyslog-application/%$!sourcetype%-%$YEAR%%$MONTH%%$DAY%.log")

To:
template(name="mytemplate" type="string" string="/var/log/rsyslog-application/%$!sourcetype%.log")

Root Cause

With the previous template, rsyslog also writes the date stamp into the log file name, because the file name is defined as "%$!sourcetype%-%$YEAR%%$MONTH%%$DAY%.log". Each day's log therefore has a different name, and logrotate applies "rotate 2" to each file name separately, so no single name ever accumulates more than two rotated copies to remove.

Once the date stamp is removed from the rsyslog template, the logs are written to a file with a stable name.
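
The effect described above, as an added example that is not part of the original solution: a simplified Python model of a daily logrotate pass with dateext, compress, nocreate and rotate 2, run against the dated and the stable file name. The sourcetype value "app", the start date and the function names are assumptions made for the illustration.

```python
import re
from datetime import date, timedelta

ROTATE = 2  # "rotate 2" from the logrotate stanza on this page


def rotate_once(files, today, rotate=ROTATE):
    """One simplified daily logrotate pass (dateext + compress + nocreate).

    Every file matching *.log is its own "log"; pruning counts only the
    rotated copies that carry that log's exact name.
    """
    stamp = today.strftime("%Y%m%d")
    for log in sorted(f for f in files if f.endswith(".log")):
        files.remove(log)                  # nocreate: live file is not recreated
        files.add(f"{log}-{stamp}.gz")     # dateext + compress
        pat = re.compile(re.escape(log) + r"-\d{8}\.gz")
        rotated = sorted(f for f in files if pat.fullmatch(f))
        # Keep the newest `rotate` copies of this log name, drop the rest.
        for old in rotated[:max(len(rotated) - rotate, 0)]:
            files.remove(old)


def simulate(name_for_day, days=7, start=date(2024, 1, 1)):
    """Return the files left after `days` days of writing and rotating."""
    files = set()
    for n in range(days):
        day = start + timedelta(days=n)
        files.add(name_for_day(day))                 # rsyslog writes the day's file
        rotate_once(files, day + timedelta(days=1))  # next morning's logrotate run
    return sorted(files)


# Constructed value "app" stands in for %$!sourcetype% (assumption).
def dated(day):
    """Original template: the file name carries the date."""
    return f"app-{day:%Y%m%d}.log"


def stable(day):
    """Corrected template: one stable file name."""
    return "app.log"


if __name__ == "__main__":
    print("dated :", simulate(dated))
    print("stable:", simulate(stable))
```

With the dated name every day produces a new log with exactly one rotated copy, so the directory grows without bound; with the stable name only the two newest copies remain.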

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.