Logrotate Cron job

Posted: 2019/05/09 15:36:50
by plainsadmin
I have been attempting to get a logrotate script to work on this CentOS cloud instance for an embarrassingly long amount of time.

Here is my logrotate script that I have located at: /etc/logrotate.d/natpass

cat /etc/logrotate.d/natpass
/usr/local/natpass/logs/natpass.log {
su root root
size 512K
create 700 root root
copytruncate
rotate 10
}

When I run the command:
logrotate /etc/logrotate.d/natpass

The logs do rotate as they should; however, when I set up this cron job:

cat /etc/cron.d/natpass
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed

* * * * * root /usr/sbin/logrotate /etc/logrotate.d/natpass

The logs do not rotate.

You can see in /var/log/cron that the logrotate command is running, but there is no rotation occurring on the /usr/local/natpass/logs/natpass.log

May 9 15:20:01 NAT-PASS CROND[116973]: (root) CMD (/usr/lib64/sa/sa1 1 1)
May 9 15:21:01 NAT-PASS CROND[119606]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/natpass)
May 9 15:22:01 NAT-PASS CROND[122190]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/natpass)
May 9 15:23:01 NAT-PASS CROND[124793]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/natpass)
May 9 15:24:02 NAT-PASS CROND[127438]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/natpass)
May 9 15:25:01 NAT-PASS CROND[130005]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/natpass)
May 9 15:26:01 NAT-PASS CROND[2334]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/natpass)
May 9 15:27:01 NAT-PASS CROND[4988]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/natpass)
May 9 15:28:01 NAT-PASS CROND[7652]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/natpass)
May 9 15:29:01 NAT-PASS CROND[10267]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/natpass)
May 9 15:30:01 NAT-PASS CROND[12909]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/natpass)
May 9 15:30:01 NAT-PASS CROND[12908]: (root) CMD (/usr/lib64/sa/sa1 1 1)
May 9 15:31:01 NAT-PASS CROND[15535]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/natpass)
May 9 15:32:01 NAT-PASS CROND[18119]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/natpass)
May 9 15:32:36 NAT-PASS crontab[19644]: (root) REPLACE (root)
May 9 15:33:01 NAT-PASS crond[123923]: (root) RELOAD (/var/spool/cron/root)
May 9 15:33:01 NAT-PASS CROND[20748]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/natpass)

Does anyone have any suggestions or see anything that I am doing wrong?

Thanks in advance.

Re: Logrotate Cron job

Posted: 2019/05/09 17:07:36
by TrevorH
I suspect that logrotate is not allowed to access files under /usr/local/natpass/logs/ as they probably have the wrong SELinux context on them. Perhaps you need to use semanage fcontext (see man semanage-fcontext) to set up what are known as equivalence rules to assign the correct context to them based on the setup of /var/log itself (or just move your log files under there in the first place and be done!).

That's only a theory, but if you run aureport -a then you should see some AVCs in the audit log around the timestamp of the last logrotate run. Use ausearch with those aureport lines to show the full error.
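
The audit-log check described in the post above, as an added example that is not part of the original thread: it reduces raw AVC records to one line per distinct denial for a given command name. The sample records, the usr_t label and the function names sample_audit and avc_summary are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for one command name.

# Constructed records in raw audit.log format (not taken from the thread).
# The usr_t label on the log directory is an assumption for illustration.
sample_audit() {
cat <<'EOF'
type=AVC msg=audit(1557433261.101:901): avc:  denied  { write } for  pid=119606 comm="logrotate" name="logs" dev="xvda1" ino=5100 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1557433261.101:901): arch=c000003e syscall=2 success=no exit=-13 comm="logrotate" exe="/usr/sbin/logrotate"
type=AVC msg=audit(1557433321.207:915): avc:  denied  { write } for  pid=122190 comm="logrotate" name="logs" dev="xvda1" ino=5100 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1557433321.209:916): avc:  denied  { setattr } for  pid=122190 comm="logrotate" name="natpass.log" dev="xvda1" ino=5120 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file permissive=0
type=AVC msg=audit(1557433330.500:920): avc:  denied  { read } for  pid=2001 comm="httpd" name="index.html" dev="xvda1" ino=7000 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
EOF
}

# avc_summary COMM: read raw audit records on stdin and print
# "count permissions tclass target_type" for each distinct denial of COMM.
avc_summary() {
    awk -v comm="$1" '
    /^type=AVC / && / denied / {
        perms = ""; c = ""; ttype = ""; tclass = ""; inb = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inb = 1; continue }
            if ($i == "}") { inb = 0; continue }
            if (inb) { perms = (perms == "" ? $i : perms "," $i); continue }
            if ($i ~ /^comm=/)     { c = substr($i, 6); gsub(/"/, "", c) }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), t, ":"); ttype = t[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        if (c == comm) count[perms " " tclass " " ttype]++
    }
    END { for (k in count) print count[k], k }' | sort
}

# On a real host (not run here): ausearch -m avc -c logrotate --raw | avc_summary logrotate
sample_audit | avc_summary logrotate
```

A target type other than var_log_t in the last column is what the mislabelling theory predicts. The equivalence rule mentioned in the post would then be: semanage fcontext -a -e /var/log /usr/local/natpass/logs, followed by restorecon -Rv /usr/local/natpass/logs.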

Re: Logrotate Cron job

Posted: 2019/05/09 17:18:55
by aks
Apart from what Trevor said, doesn't logrotate require a state file (-s)?

Re: Logrotate Cron job

Posted: 2019/06/17 17:35:41
by quqonlik
Try:

* * * * * /usr/sbin/logrotate -f /etc/logrotate.d/natpass

Re: Logrotate Cron job

Posted: 2019/06/18 18:41:59
by aks
I was thinking more along the lines of a state file as in:
/sbin/logrotate -s /var/spool/logrotate.status /etc/logrotate.conf