Some older versions of rsyslog may have trouble resuming on a log file after the log rotate has run. We can force rsyslog to pick up the new log file by adding a postrotate command in logrotate. This will restart rsyslog and delete the state files so it will continue reading from the beginning of the newly created file.
Configuration files are located in this directory on most linux distributions
cd /etc/logrotate.d
Find the appropriate configuration file and open it with a text editor. In this example, we’ll use the nginx log files.
sudo vim nginx
You will see the default configuration given below
/var/log/nginx/*.log {
daily
missingok
rotate 52
compress
delaycompress
notifempty
create 640 nginx adm
sharedscripts
postrotate
[ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
endscript
}
All the commands written between the postrotate and endscript gets executed after each log rotation. In this example, we can see that nginx is restarted. We will add additional commands here soon.
Find the files rsyslog writes to track the state of the files are monitoring. We will configure the postrotate command to delete these configuration files so rsyslog starts fresh at the beginning of the new log file. If you used the configure-file-monitoring script, it will include the alias you passed as a parameter.
ls /var/spool/rsyslog/stat-*
Here we can see two state files for nginx
/var/spool/rsyslog/stat-nginx-access /var/spool/rsyslog/stat-nginx-error
Add the following commands in the postrotate section to restart rsyslog and delete the state files. Replace the path given to the rm command with the path to the rsyslog state files found above. In this example, we are deleting the state files for nginx.
rm /var/spool/rsyslog/stat-* service rsyslog stop service rsyslog start
If you don’t see any data show up in the verification step, then check for these common problems.
Article Number: 647
Posted: Sun, Jan 12, 2020 12:22 AM
Last Updated: Sun, Jan 12, 2020 12:22 AM
Online URL: http://kb.ictbanking.net/article.php?id=647