3

I just realized that since the upgrade to 22.04.1, logrotate is not working. Syslog hasn't been rotated for many days. It's supposed to be run by systemd timers, and the related timer is activated:

# systemctl list-timers
NEXT                         LEFT               LAST                         PA>
Thu 2022-09-15 23:09:00 CEST 20min left         Thu 2022-09-15 22:39:22 CEST 9m>
Thu 2022-09-15 23:30:42 CEST 42min left         Thu 2022-09-15 22:33:38 CEST 14>
Thu 2022-09-15 23:55:00 CEST 1h 6min left       Wed 2022-09-14 23:55:05 CEST 22>
Fri 2022-09-16 00:00:00 CEST 1h 11min left      n/a                          n/>
Fri 2022-09-16 00:00:00 CEST 1h 11min left      Thu 2022-09-15 00:00:01 CEST 22>
Fri 2022-09-16 02:35:57 CEST 3h 47min left      Thu 2022-09-15 02:35:57 CEST 20>
Fri 2022-09-16 02:46:01 CEST 3h 57min left      Thu 2022-09-15 02:46:01 CEST 20>
Fri 2022-09-16 03:22:12 CEST 4h 33min left      Thu 2022-09-15 10:43:31 CEST 12>
Fri 2022-09-16 04:26:17 CEST 5h 37min left      Thu 2022-09-15 22:04:50 CEST 43>
Fri 2022-09-16 06:28:52 CEST 7h left            Thu 2022-09-15 06:39:52 CEST 16>
Fri 2022-09-16 06:54:45 CEST 8h left            Thu 2022-09-15 00:59:05 CEST 21>
Fri 2022-09-16 07:27:18 CEST 8h left            Thu 2022-09-15 20:08:18 CEST 2h>
Fri 2022-09-16 10:23:45 CEST 11h left           Thu 2022-09-15 19:41:01 CEST 3h>
Sun 2022-09-18 03:10:01 CEST 2 days left        Sun 2022-09-11 03:11:05 CEST 4 >
Mon 2022-09-19 00:14:45 CEST 3 days left        Mon 2022-09-12 00:40:35 CEST 3 >
Sun 2022-09-25 02:14:00 CEST 1 week 2 days left Sun 2022-09-11 10:56:49 CEST 4 >

16 timers listed.

As per the syslog, logrotate is also running:

Sep 14 00:00:08 server1 systemd[1]: logrotate.service: Deactivated successfully.
Sep 14 02:30:41 server1 systemd[1]: logrotate.timer: Deactivated successfully.
Sep 15 00:00:01 server1 systemd[1]: logrotate.service: Deactivated successfully.
Sep 15 02:30:42 server1 systemd[1]: logrotate.timer: Deactivated successfully.

Also confirmed by systemd:

# systemctl status logrotate.timer
● logrotate.timer - Daily rotation of log files
     Loaded: loaded (/lib/systemd/system/logrotate.timer; enabled; vendor prese>
     Active: active (waiting) since Thu 2022-09-15 02:30:57 CEST; 20h ago
    Trigger: Fri 2022-09-16 00:00:00 CEST; 1h 8min left
   Triggers: ● logrotate.service
       Docs: man:logrotate(8)
             man:logrotate.conf(5)

Sep 15 02:30:57 server1 systemd[1]: Started Daily rotation of log fil

But no logs were rotated. When I start logrotate manually as specified in logrotate.service, nothing happens (no output, no logs rotated):

root@server1:/usr/lib/systemd/system# /usr/sbin/logrotate /etc/logrotate.conf
root@server1:/usr/lib/systemd/system#

When I then start logrotate with -vf to see what's wrong, logs ARE indeed rotated:

root@server1:/usr/lib/systemd/system# /usr/sbin/logrotate -vf /etc/logrotate.conf
reading config file /etc/logrotate.conf
including /etc/logrotate.d

How am I supposed to debug this and get logrotate to run regularly, please?

ThinkHard
  • 303

1 Answers1

7

I experienced an issue with the same symptoms that also started after an update. In my case it was from Ubuntu 21.10 to 22.04.

I was able to run:

logrotate /etc/logrotate.d/rsyslog --debug

This is the error that was the most relevent:

error: skipping "/var/log/syslog" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

Check to see which group is assigned to /var/log you can see in my case it was syslog.

ls -alh /var/
drwxrwxr-x 16 root syslog   4.0K Sep 27 19:25 log

I added the line below to /etc/logrotate.d/rsyslog

su syslog syslog

In the end my /etc/logrotate.d/rsyslog file looks like this.

/var/log/syslog
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
    su syslog syslog
    rotate 4
    weekly
    missingok
    notifempty
    compress
    delaycompress
    sharedscripts
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
}

With those edits I was able to run this again the errors I had seen above were gone. I removed the --debug from the end of the command and re-ran it. The syslog file had rotated along with the others that had errors.

logrotate /etc/logrotate.d/rsyslog --debug
RusticXploit
  • 86
  • can confirm this solution fixed it, kudos! No comment on it on the Ubuntu's bug tracker on launchpad. Wonder how many got bitten by this obnoxious bug. – t0mm13b May 10 '23 at 21:31
  • 1
    So what really confuses me is that on Ubuntu 20.04 LTS, logrotate is rotating syslog just fine, but if I manually run it with the config file, I get this warning... so I'm at a loss to explain how my syslog is getting rotated nightly. – aggieNick02 Jun 13 '23 at 16:39