DEV Community

Arseny Zinchenko
Arseny Zinchenko

Posted on • Originally published at rtfm.co.ua on

4 1

Debian: logrotate won’t rotate logs with an “unknown group ‘syslog'” error

We have an AWS EC2 with Debian and logrotate.

One day its root partition was exhausted and when I started investigating it – found, that we have a bunch of files like /var/log/syslog.N.gz.

At the same time by default logrotate creates a config file to rotate syslog log files:

root@monitoring-dev:~# cat /etc/logrotate.d/syslog
# Ansible managed

/var/log/syslog {
  size 10M
  rotate 1
  daily
  ...
}

Thus, we must have only files syslog + syslog.1, but instead:

root@monitoring-dev:~# ll /var/log/ | grep syslog
-rw-r----- 1 root        adm      11925 Oct  9 09:26 syslog
-rw-r----- 1 root        adm     361150 Oct  9 06:25 syslog.1
-rw-r----- 1 root        adm       7712 Oct  8 06:25 syslog.2.gz
-rw-r----- 1 root        adm       7562 Oct  7 06:25 syslog.3.gz
-rw-r----- 1 root        adm       7832 Oct  6 06:25 syslog.4.gz
-rw-r----- 1 root        adm       7720 Oct  5 06:25 syslog.5.gz
-rw-r----- 1 root        adm       7641 Oct  4 06:25 syslog.6.gz
-rw-r----- 1 root        adm       8072 Oct  3 06:25 syslog.7.gz

Let’s check – run logrotate with the --debug option:

root@monitoring-dev:~# logrotate -d /etc/logrotate.conf
reading config file /etc/logrotate.conf
error: /etc/logrotate.conf:5 unknown group 'syslog'
removing last 0 log configs

unknown group ‘syslog’

And here is our error.

The error appears because of the fact that Debian OS has no the syslog users group, but instead, it has an adm group which is the default user group for log-files.

Check the /etc/logrotate.conf content:

# Ansible managed
# see "man logrotate" for details
weekly
su root syslog
...

And check existing users groups:

root@monitoring-dev:~# cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:admin
...

Replace syslog with adm:

# Ansible managed 
# see "man logrotate" for details
weekly
su root adm
...

And check again:

root@monitoring-dev:~# logrotate -d /etc/logrotate.conf
reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file apt
reading config file certbot
reading config file chrony
reading config file daemonlog
reading config file dpkg
...
Reading state from file: /var/lib/logrotate/status
Allocating hash table for state file, size 64 entries
...

Done.

Similar posts

Heroku

This site is built on Heroku

Join the ranks of developers at Salesforce, Airbase, DEV, and more who deploy their mission critical applications on Heroku. Sign up today and launch your first app!

Get Started

Top comments (0)

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

👋 Kindness is contagious

Discover a treasure trove of wisdom within this insightful piece, highly respected in the nurturing DEV Community enviroment. Developers, whether novice or expert, are encouraged to participate and add to our shared knowledge basin.

A simple "thank you" can illuminate someone's day. Express your appreciation in the comments section!

On DEV, sharing ideas smoothens our journey and strengthens our community ties. Learn something useful? Offering a quick thanks to the author is deeply appreciated.

Okay