Hi,
I am trying to store firewall logs on a Debian machine via rsyslog.
The configuration works - logs are being received in the configured file -
Code:
/var/log/fwlogs/fw.log
The plan is to rotate the logs on a daily basis using logrotate, the /etc/logrotate.d/fw file is:
Code:
/var/log/fwlogs/fw.log {
daily
rotate 30
copytruncate
dateext
compress
dateformat -%Y-%m-%d-%H%M%S
olddir /var/log/fwlogs/old
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}
I did try checking the configuration with
Code:
# logrotate --debug --verbose /etc/logrotate.conf
and nothing seems amiss...
Code:
rotating pattern: /var/log/fwlogs/fw.log after 1 days (30 rotations)
olddir is /var/log/fwlogs/old, empty log files are rotated, old logs are removed
considering log /var/log/firewall/firewall.log
Now: 2023-12-13 12:44
Last rotated at 2023-12-13 00:00
log does not need rotating (log has been rotated at 2023-12-13 00:00, which is less than a day ago)
But logs weren't rotated as the text in bold above would have us believe:
Code:
~# stat /var/log/fwlogs/fw.log
File: /var/log/fwlogs/fw.log
Size: 42086802824 Blocks: 82200816 IO Block: 4096 regular file
Device: 259,2 Inode: 4068299 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2023-12-13 12:46:06.147399605 +0530
Modify: 2023-12-13 12:46:06.143399587 +0530
Change: 2023-12-13 12:46:06.143399587 +0530
Birth: 2023-12-12 15:21:29.754243156 +0530
If all goes as per plan, a new logfile would be created every midnight, the log file from the previous day would be moved a directory named old within the logs directory.
Well, things aren't going as per plan and logrotation isn't working at the moment and i am hoping get help on this here
