[rsyslog] Dynamic file not generated after log rotation

Tue, 02 Jun 2020 07:30:15 -0700 

I have some switches/firewalls sending logs to my logging server through
both TCP/UDP and I have noticed that whenever these logs are rotated, the
dynamic files are not generated when logrotate sends a HUP signal to
rsyslog.

I have the following rsyslog ruleset that is applied to the inputs for the
imudp and imtcp modules:
----------------------------------------------------
template(name="remote_log_path" type="string"
string="/syslog_data/logs/%fromhost-ip%/%fromhost-ip%.syslog.log")

ruleset(name="remote_logging_rules") {
    # filter junk messages using if-statement
    action(
        type="omfile"
        dynaFile="remote_log_path"
        dirOwner="root"
        dirGroup="root"
        dirCreateMode="0700"
        fileOwner="root"
        fileGroup="root"
        fileCreateMode="0600"
        dynaFileCacheSize="50"
        asyncWriting="on"
        flushOnTXEnd="off"
        ioBufferSize="64k"
    )
    stop
}

module(load="imudp")
module(load="imtcp")

input(type="imudp" port="514" ruleset="remote_logging_rules")
input(type="imtcp" port="514" ruleset="remote_logging_rules")
----------------------------------------------------

I have a script under /etc/cron.daily that executes logrotate using the
following file:
----------------------------------------------------
/syslog_data/logs/*/*.log {
    notifempty
    rotate 4
    size 10M
    olddir /syslog_data/archive
    compress
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/rsyslog.pid 2> /dev/null` 2> /dev/null
|| true
    endscript
}
----------------------------------------------------

If I send the HUP signal myself, then rsyslog proceeds to generate the
files, but not when sent by logrotate. The devices sending logs are
constantly sending logs (every minute), so I know the issue is not that
they are not sending logs and therefore rsyslog doesn't generate a new
file. How can I fix this?

Thank you!
-ABB
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to