Logrotation has different behaviors when reading from "/etc/logrotate.conf" and "/etc/logrotate.d/*conf" files

We need to keep only one log file of each service in our Ubuntu 20.04 servers. I’ve modified the /etc/logrotate.conf file as follows:

    weekly
    su root adm
    rotate 0
    create
    ifempty
    include /etc/logrotate.d

And for a specific service, think of misc for example, which makes the vmware-network.log log files, I have a config file in /etc/logrotate.d/misc which is as follows:

    /var/log/vmware-network.*.log {
      su root root
      rotate 0
      daily
      missingok
      ifempty
    }

Now when I test my logrotation with logrotate -fv /etc/logrotate.conf, it doesn’t delete any of the vmware-network.*.log files; it just makes them zero in size. However, when I use logrotate -fv /etc/logrotate.d/misc, it keeps only one vmware-network.log file and deletes the other numbered log files.

logrotate doesn’t do my desired job since it is reading from the default config file /etc/logrotate.conf. I want to know what is making this difference between these two config files and how to resolve it.

P.S:

  1. All other config files in /etc/logrotate.d/ have the same behavior. They will keep one log file when logrotate is forced to read from them. I only mentioned misc here because it has many vmware-network.log files and I can easily see the difference it makes.

  2. The permissions and user/groups of mentioned log files and /var/log are:

    -rw-------  1 root   root   vmware-network.log  
    drwxrwxr-x 15 root syslog   /var/log/
    
  3. I’ve tried different approaches with different configurations, but none of them worked. I’ve also added the misc logrotation config into logrotate.conf and executed it, but the output was still the same.

  4. One common error I’ve run into was:

    error: skipping "/var/log/vmware-network.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    

    And I set different su directives for different config files, e.g. su root adm for /etc/logrotate.d/rsyslog. Although it didn’t give me the error, it is still not doing the job.

Any help would be appreciated.

Asked By: O_Ofsk24

||

I tried to reproduce your problem on my own servers (Ubuntu 20.04), and I found out you should remove the create directive from the main config file, meaning /etc/logrotate.conf, and add it (if needed) in the sub-config files existing in /etc/logrotate.d/<CONFIG_FILE>.

Even though it appears that this approach resolves your issue, I don’t exactly know what the reason behind it is, so I cannot give you reference-based reasons. I’ve found this by trial and error.

Answered By: Sinux
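
An added example, not part of the answer above and not logrotate's own code: a simplified Python model of directive inheritance (global directives in the main file apply to blocks from included files, block-level directives override them, and a sub-config passed directly on the command line sees no globals), run over the two config files from the question. It narrows the difference between the two invocations to the create directive; the function names are made up for this example.

```python
# Simplified model (assumption): every global in the main file precedes its
# include line, as in the question, so all of them reach the included blocks.
MAIN_CONF = """\
weekly
su root adm
rotate 0
create
ifempty
include /etc/logrotate.d
"""
MISC_CONF = """\
/var/log/vmware-network.*.log {
  su root root
  rotate 0
  daily
  missingok
  ifempty
}
"""
FREQUENCY = {"hourly", "daily", "weekly", "monthly", "yearly"}

def parse(text):
    """Return (global_directives, {log_pattern: block_directives})."""
    globals_, blocks, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("include"):
            continue  # included files are passed to effective() separately
        if line.endswith("{"):
            current = blocks.setdefault(line[:-1].strip(), {})
        elif line == "}":
            current = None
        else:
            word, _, arg = line.partition(" ")
            # daily/weekly/... are mutually exclusive: store them in one slot
            key, value = ("frequency", word) if word in FREQUENCY else (word, arg.strip())
            (globals_ if current is None else current)[key] = value
    return globals_, blocks

def effective(pattern, main_text, sub_text, via_main):
    """Directives in force for `pattern` when run via the main file or directly."""
    inherited = parse(main_text)[0] if via_main else {}
    return {**inherited, **parse(sub_text)[1][pattern]}

def only_via_main(pattern, main_text, sub_text):
    """Directives that apply only when logrotate is run on the main file."""
    direct = effective(pattern, main_text, sub_text, False)
    via = effective(pattern, main_text, sub_text, True)
    return {k: v for k, v in via.items() if direct.get(k) != v}

print(only_via_main("/var/log/vmware-network.*.log", MAIN_CONF, MISC_CONF))
```

On a real host, logrotate -d (debug mode, makes no changes) with each of the two config paths shows what logrotate itself would do.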