loading...

Debian: logrotate won’t rotate logs with an “unknown group ‘syslog'” error

setevoy profile image Arseny Zinchenko Originally published at rtfm.co.ua on ・2 min read

We have an AWS EC2 with Debian and logrotate.

One day its root partition was exhausted and when I started investigating it – found, that we have a bunch of files like /var/log/syslog.N.gz.

At the same time by default logrotate creates a config file to rotate syslog log files:

root@monitoring-dev:~# cat /etc/logrotate.d/syslog
# Ansible managed

/var/log/syslog {
  size 10M
  rotate 1
  daily
  ...
}

Thus, we must have only files syslog + syslog.1, but instead:

root@monitoring-dev:~# ll /var/log/ | grep syslog
-rw-r----- 1 root        adm      11925 Oct  9 09:26 syslog
-rw-r----- 1 root        adm     361150 Oct  9 06:25 syslog.1
-rw-r----- 1 root        adm       7712 Oct  8 06:25 syslog.2.gz
-rw-r----- 1 root        adm       7562 Oct  7 06:25 syslog.3.gz
-rw-r----- 1 root        adm       7832 Oct  6 06:25 syslog.4.gz
-rw-r----- 1 root        adm       7720 Oct  5 06:25 syslog.5.gz
-rw-r----- 1 root        adm       7641 Oct  4 06:25 syslog.6.gz
-rw-r----- 1 root        adm       8072 Oct  3 06:25 syslog.7.gz

Let’s check – run logrotate with the --debug option:

root@monitoring-dev:~# logrotate -d /etc/logrotate.conf
reading config file /etc/logrotate.conf
error: /etc/logrotate.conf:5 unknown group 'syslog'
removing last 0 log configs

unknown group ‘syslog’

And here is our error.

The error appears because of the fact that Debian OS has no the syslog users group, but instead, it has an adm group which is the default user group for log-files.

Check the /etc/logrotate.conf content:

# Ansible managed
# see "man logrotate" for details
weekly
su root syslog
...

And check existing users groups:

root@monitoring-dev:~# cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:admin
...

Replace syslog with adm:

# Ansible managed 
# see "man logrotate" for details
weekly
su root adm
...

And check again:

root@monitoring-dev:~# logrotate -d /etc/logrotate.conf
reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file apt
reading config file certbot
reading config file chrony
reading config file daemonlog
reading config file dpkg
...
Reading state from file: /var/lib/logrotate/status
Allocating hash table for state file, size 64 entries
...

Done.

Similar posts

Discussion

pic
Editor guide