Logrotate daily+maxsize is not rotating

Question

I've CentOS 7.4 with logrotate 3.8.6 installed. I've a custom logrotate file under /etc/logrotate.d/ to rotate some logs on a Tomcat (e.g., catalina.out) which is installed in the same machine.

/opt/test/apache-tomcat-8.5.15-client/logs/catalina.out {
    copytruncate
    daily
    rotate 30 
    olddir /opt/test/apache-tomcat-8.5.15-client/logs/backup
    compress
    missingok
    maxsize 50M
    dateext
    dateformat .%Y-%m-%d
}

I want the log to be rotated daily or if the size reaches 50MB. When this happens log files are compressed and copied into a backup folder and are kept for 30 days before being deleted.

I already ran logrotate manually in debug mode with the following command and no errors were displayed (and the expected zipped log files were created):

/usr/sbin/logrotate -d /etc/logrotate.d/openncp-tomcat-backoffice 2> /tmp/logrotate.debug

In /var/lib/logrotate/logrotate.status there are no issues, the files are shown as rotated but they're not in fact:

"/var/log/yum.log" 2017-11-27-19:0:0
"/opt/test/apache-tomcat-8.5.15-server/logs/catalina.out" 2017-12-15-3:41:1
"/var/log/boot.log" 2017-12-15-3:41:1
"/var/log/up2date" 2017-11-27-19:0:0

I've the default /etc/logrotate.conf:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
        minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

I also have the default /etc/cron.daily/logrotate:

#!/bin/sh

/usr/sbin/logrotate -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0

I ask for your guidance on configuring this appropriately.

Answer 1

The problem was related to the SELinux file type of the log files, which were located in a directory different from /var/log, meaning that the logrotate process didn't have access to perform its tasks. I found this other SO thread as well as this Redhat page that helped to solve the issue. I found the Redhat documentation very helpful, so I provide here 2 links:

• 5.9.3. CHECKING THE DEFAULT SELINUX CONTEXT
• 5.6.2. PERSISTENT CHANGES: SEMANAGE FCONTEXT

Answer 2

To answer your question (as in the title) about having daily and maxsize, note that by default logrotate runs once a day anyway so that means maxsize is hardly useful in that situation. The file will be rotated anyway (assuming you don't have SELinux in the way, of course).

maxsize is useful with weekly and monthly, of course, because logrotate still checks the files daily.

---

Note that the fact that logrotate runs daily is just because on many systems it is installed that way by default.

$ ls -l /etc/cron.daily
...
-rwxr-xr-x 1 root root  372 Aug 21  2017 logrotate
...

Moving that file to /etc/cron.hourly is safe and it now will be useful to have the daily option turned on:

$ sudo mv -i /etc/cron.daily/logrotate /etc/cron.hourly/logrotate

WARNING: a system like Ubuntu is likely to re-install the daily file on the next update of the logrotate package, which is rather infrequent, but can happen. I do not know of a clean way to avoid that issue. The ugly way is to create an empty file of the same name which will prevent the packager from adding the file from the package.

$ sudo touch /etc/cron.daily/logrotate

Or edit and put a comment such as:

# placeholder to prevent installer from changing this file