DEV Community 👩‍💻👨‍💻

Arseny Zinchenko
Arseny Zinchenko

Posted on • Originally published at on

Debian: logrotate won’t rotate logs with an “unknown group ‘syslog'” error

We have an AWS EC2 with Debian and logrotate.

One day its root partition was exhausted and when I started investigating it – found, that we have a bunch of files like /var/log/syslog.N.gz.

At the same time by default logrotate creates a config file to rotate syslog log files:

root@monitoring-dev:~# cat /etc/logrotate.d/syslog
# Ansible managed

/var/log/syslog {
  size 10M
  rotate 1

Thus, we must have only files syslog + syslog.1, but instead:

root@monitoring-dev:~# ll /var/log/ | grep syslog
-rw-r----- 1 root        adm      11925 Oct  9 09:26 syslog
-rw-r----- 1 root        adm     361150 Oct  9 06:25 syslog.1
-rw-r----- 1 root        adm       7712 Oct  8 06:25 syslog.2.gz
-rw-r----- 1 root        adm       7562 Oct  7 06:25 syslog.3.gz
-rw-r----- 1 root        adm       7832 Oct  6 06:25 syslog.4.gz
-rw-r----- 1 root        adm       7720 Oct  5 06:25 syslog.5.gz
-rw-r----- 1 root        adm       7641 Oct  4 06:25 syslog.6.gz
-rw-r----- 1 root        adm       8072 Oct  3 06:25 syslog.7.gz

Let’s check – run logrotate with the --debug option:

root@monitoring-dev:~# logrotate -d /etc/logrotate.conf
reading config file /etc/logrotate.conf
error: /etc/logrotate.conf:5 unknown group 'syslog'
removing last 0 log configs

unknown group ‘syslog’

And here is our error.

The error appears because of the fact that Debian OS has no the syslog users group, but instead, it has an adm group which is the default user group for log-files.

Check the /etc/logrotate.conf content:

# Ansible managed
# see "man logrotate" for details
su root syslog

And check existing users groups:

root@monitoring-dev:~# cat /etc/group

Replace syslog with adm:

# Ansible managed 
# see "man logrotate" for details
su root adm

And check again:

root@monitoring-dev:~# logrotate -d /etc/logrotate.conf
reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file apt
reading config file certbot
reading config file chrony
reading config file daemonlog
reading config file dpkg
Reading state from file: /var/lib/logrotate/status
Allocating hash table for state file, size 64 entries


Similar posts

Top comments (0)

Git push

Stop by this week's meme thread!