Hey guys, I have this log rotation script setup in my /etc/logrotate.d folder /var/log/elasticsearch/*.log { daily rotate 100 size 50M copytruncate compress delaycompress missingok notifempty create 644 elasticsearch elasticsearch } And I notice that log files are still being generated that are upwards of 7 or 8 GBs. Can anyone point out to me where the script is going wrong, and why log files for ES are growing so incredibly big? I would think that having that logrotate script in place should solve that problem. Thanks, Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
On 07/28/2016 07:40 AM, Tim Dunphy wrote:> Hey guys, > > I have this log rotation script setup in my /etc/logrotate.d folder > > /var/log/elasticsearch/*.log { > daily > rotate 100 > size 50M > copytruncate > compress > delaycompress > missingok > notifempty > create 644 elasticsearch elasticsearch > } > > And I notice that log files are still being generated that are upwards of 7 > or 8 GBs. Can anyone point out to me where the script is going wrong, and > why log files for ES are growing so incredibly big? I would think that > having that logrotate script in place should solve that problem. > > Thanks, > Tim >Tim, First, logrotate only checks the state of the logfiles once a day, so if your log grows to 8GB in a day, it has no chance to do anything about it. Second, elasticsearch is using log4j to control its logs. It has its own naming and rotation rules and should not need to involve logrotate at all. See /etc/elasticsearch/logging.yml Third, if you generate that much logging in a day, maybe lowering the loglevel, or perhaps there is a problem that should be fixed. -Thomas
ok, good advice! thanks! On Thu, Jul 28, 2016 at 2:06 PM, Thomas Eriksson < thomas.eriksson at slac.stanford.edu> wrote:> On 07/28/2016 07:40 AM, Tim Dunphy wrote: > > Hey guys, > > > > I have this log rotation script setup in my /etc/logrotate.d folder > > > > /var/log/elasticsearch/*.log { > > daily > > rotate 100 > > size 50M > > copytruncate > > compress > > delaycompress > > missingok > > notifempty > > create 644 elasticsearch elasticsearch > > } > > > > And I notice that log files are still being generated that are upwards > of 7 > > or 8 GBs. Can anyone point out to me where the script is going wrong, and > > why log files for ES are growing so incredibly big? I would think that > > having that logrotate script in place should solve that problem. > > > > Thanks, > > Tim > > > > Tim, > > First, logrotate only checks the state of the logfiles once a day, so > if your log grows to 8GB in a day, it has no chance to do anything > about it. > > Second, elasticsearch is using log4j to control its logs. It has its > own naming and rotation rules and should not need to involve logrotate > at all. See /etc/elasticsearch/logging.yml > > Third, if you generate that much logging in a day, maybe lowering the > loglevel, or perhaps there is a problem that should be fixed. > > -Thomas > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >-- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B