So, the question is, why can I rotate the log manually, but cron returns a permission error? Do I need to tell cron to run it as sudo or something like that? Ethon> On Nov 17, 2017, at 2:29 AM, Tom Hendrikx <tom at whyscream.net <mailto:tom at whyscream.net>> wrote: > > Hi, > > > Your crontab should normally mail you error output. But you can also run > the logrotate command manually, in verbose mode. > > > Kind regards, > Tom > > On 17-11-17 03:35, SH Development wrote: >> That doesn?t seem to work either. Where do I find logs for log rotation to see the reason it failed? >> >> Ethon >> >> >> >>> On Nov 16, 2017, at 7:53 PM, Bill Shirley <bill at KnoxvilleChristian.org <mailto:bill at KnoxvilleChristian.org> <mailto:bill at KnoxvilleChristian.org <mailto:bill at KnoxvilleChristian.org>>> wrote: >>> >>> I believe you need a 'create' statement to set the permissions. Here >>> is an example for mariadb: >>> /var/log/mariadb/general.log >>> /var/log/mariadb/slow_query.log >>> /var/log/mariadb/error.log >>> /var/log/mariadb/mariadb.log { >>> create 640 mysql mysql >>> daily >>> minsize 30M >>> notifempty >>> rotate 3 >>> missingok >>> compress >>> sharedscripts >>> postrotate >>> # # just if mysqld is really running >>> if test -x /usr/bin/mysqladmin && \ >>> /usr/bin/mysqladmin ping &>/dev/null >>> then >>> /usr/bin/mysqladmin flush-logs >>> fi >>> endscript >>> } >>> >>> Bill >>> >>> >>> On 11/16/2017 4:27 AM, SH Development wrote: >>>> I have recently noticed that my dovecot-deliver.log is huge and wanted to start rotating it. So a couple of questions: >>>> >>>> 1. Can the dovecot-deliver.log be combined with the maillog, that gets rotated weekly? If it can be done, is it advisable? >>>> Since the inception of this particular server, the log file has been located in the /home/vmail directory. Is there a reason it shouldn?t be located in the /var/log directory with the maillog? >>>> >>>> 2. Separate from above, if I create a new logrotate script example as follows: >>>> >>>> # dovecot SIGUSR1: Re-opens the log files. >>>> /home/vmail/dovecot-deliver.log { >>>> missingok >>>> notifempty >>>> delaycompress >>>> sharedscripts >>>> postrotate >>>> /bin/kill -USR1 `cat /var/run/dovecot/master.pid 2>/dev/null` 2> /dev/null || true >>>> endscript >>>> } >>>> >>>> I get the following error only when cron tries to run it: >>>> >>>> /etc/cron.daily/logrotate: >>>> error: stat of /home/vmail/dovecot-deliver.log failed: Permission denied >>>> >>>> >>>> Owner on the log are vmail:vmail. If I manually force logrotate on this particular log, it works fine. >>>> >>>> >>>> Ethon
HI, Do you have selinux activated? Maybe the context for logrotate does not allow accessing files under /home, and the root cli is not troubled by such a limitation? Why are you storing log files under /home anyway? Note: I don't use any OS with selinux, so can't really help with fixing this an issue. Regards, Tom On 17-11-17 22:42, SH Development wrote:> So, the question is, why can I rotate the log manually, but cron returns a permission error? Do I need to tell cron to run it as sudo or something like that? > > Ethon > >> On Nov 17, 2017, at 2:29 AM, Tom Hendrikx <tom at whyscream.net <mailto:tom at whyscream.net>> wrote: >> >> Hi, >> >> >> Your crontab should normally mail you error output. But you can also run >> the logrotate command manually, in verbose mode. >> >> >> Kind regards, >> Tom >> >> On 17-11-17 03:35, SH Development wrote: >>> That doesn?t seem to work either. Where do I find logs for log rotation to see the reason it failed? >>> >>> Ethon >>> >>> >>> >>>> On Nov 16, 2017, at 7:53 PM, Bill Shirley <bill at KnoxvilleChristian.org <mailto:bill at KnoxvilleChristian.org> <mailto:bill at KnoxvilleChristian.org <mailto:bill at KnoxvilleChristian.org>>> wrote: >>>> >>>> I believe you need a 'create' statement to set the permissions. Here >>>> is an example for mariadb: >>>> /var/log/mariadb/general.log >>>> /var/log/mariadb/slow_query.log >>>> /var/log/mariadb/error.log >>>> /var/log/mariadb/mariadb.log { >>>> create 640 mysql mysql >>>> daily >>>> minsize 30M >>>> notifempty >>>> rotate 3 >>>> missingok >>>> compress >>>> sharedscripts >>>> postrotate >>>> # # just if mysqld is really running >>>> if test -x /usr/bin/mysqladmin && \ >>>> /usr/bin/mysqladmin ping &>/dev/null >>>> then >>>> /usr/bin/mysqladmin flush-logs >>>> fi >>>> endscript >>>> } >>>> >>>> Bill >>>> >>>> >>>> On 11/16/2017 4:27 AM, SH Development wrote: >>>>> I have recently noticed that my dovecot-deliver.log is huge and wanted to start rotating it. So a couple of questions: >>>>> >>>>> 1. Can the dovecot-deliver.log be combined with the maillog, that gets rotated weekly? If it can be done, is it advisable? >>>>> Since the inception of this particular server, the log file has been located in the /home/vmail directory. Is there a reason it shouldn?t be located in the /var/log directory with the maillog? >>>>> >>>>> 2. Separate from above, if I create a new logrotate script example as follows: >>>>> >>>>> # dovecot SIGUSR1: Re-opens the log files. >>>>> /home/vmail/dovecot-deliver.log { >>>>> missingok >>>>> notifempty >>>>> delaycompress >>>>> sharedscripts >>>>> postrotate >>>>> /bin/kill -USR1 `cat /var/run/dovecot/master.pid 2>/dev/null` 2> /dev/null || true >>>>> endscript >>>>> } >>>>> >>>>> I get the following error only when cron tries to run it: >>>>> >>>>> /etc/cron.daily/logrotate: >>>>> error: stat of /home/vmail/dovecot-deliver.log failed: Permission denied >>>>> >>>>> >>>>> Owner on the log are vmail:vmail. If I manually force logrotate on this particular log, it works fine. >>>>> >>>>> >>>>> Ethon-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 829 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20171118/efa150a1/attachment.sig>
No, I?m not using selinux. I didn?t set up the logging to be under /home so I don?t know why it?s going there. I do know it?s been there for many years. Hence, my question about where it SHOULD be and if it can be combined with the maillog. Ethon> On Nov 18, 2017, at 9:47 AM, Tom Hendrikx <tom at whyscream.net> wrote: > > HI, > > Do you have selinux activated? Maybe the context for logrotate does not > allow accessing files under /home, and the root cli is not troubled by > such a limitation? Why are you storing log files under /home anyway? > > Note: I don't use any OS with selinux, so can't really help with fixing > this an issue. > > Regards, > Tom > > On 17-11-17 22:42, SH Development wrote: >> So, the question is, why can I rotate the log manually, but cron returns a permission error? Do I need to tell cron to run it as sudo or something like that? >> >> Ethon >> >>> On Nov 17, 2017, at 2:29 AM, Tom Hendrikx <tom at whyscream.net <mailto:tom at whyscream.net>> wrote: >>> >>> Hi, >>> >>> >>> Your crontab should normally mail you error output. But you can also run >>> the logrotate command manually, in verbose mode. >>> >>> >>> Kind regards, >>> Tom >>> >>> On 17-11-17 03:35, SH Development wrote: >>>> That doesn?t seem to work either. Where do I find logs for log rotation to see the reason it failed? >>>> >>>> Ethon >>>> >>>> >>>> >>>>> On Nov 16, 2017, at 7:53 PM, Bill Shirley <bill at KnoxvilleChristian.org <mailto:bill at KnoxvilleChristian.org> <mailto:bill at KnoxvilleChristian.org <mailto:bill at KnoxvilleChristian.org>>> wrote: >>>>> >>>>> I believe you need a 'create' statement to set the permissions. Here >>>>> is an example for mariadb: >>>>> /var/log/mariadb/general.log >>>>> /var/log/mariadb/slow_query.log >>>>> /var/log/mariadb/error.log >>>>> /var/log/mariadb/mariadb.log { >>>>> create 640 mysql mysql >>>>> daily >>>>> minsize 30M >>>>> notifempty >>>>> rotate 3 >>>>> missingok >>>>> compress >>>>> sharedscripts >>>>> postrotate >>>>> # # just if mysqld is really running >>>>> if test -x /usr/bin/mysqladmin && \ >>>>> /usr/bin/mysqladmin ping &>/dev/null >>>>> then >>>>> /usr/bin/mysqladmin flush-logs >>>>> fi >>>>> endscript >>>>> } >>>>> >>>>> Bill >>>>> >>>>> >>>>> On 11/16/2017 4:27 AM, SH Development wrote: >>>>>> I have recently noticed that my dovecot-deliver.log is huge and wanted to start rotating it. So a couple of questions: >>>>>> >>>>>> 1. Can the dovecot-deliver.log be combined with the maillog, that gets rotated weekly? If it can be done, is it advisable? >>>>>> Since the inception of this particular server, the log file has been located in the /home/vmail directory. Is there a reason it shouldn?t be located in the /var/log directory with the maillog? >>>>>> >>>>>> 2. Separate from above, if I create a new logrotate script example as follows: >>>>>> >>>>>> # dovecot SIGUSR1: Re-opens the log files. >>>>>> /home/vmail/dovecot-deliver.log { >>>>>> missingok >>>>>> notifempty >>>>>> delaycompress >>>>>> sharedscripts >>>>>> postrotate >>>>>> /bin/kill -USR1 `cat /var/run/dovecot/master.pid 2>/dev/null` 2> /dev/null || true >>>>>> endscript >>>>>> } >>>>>> >>>>>> I get the following error only when cron tries to run it: >>>>>> >>>>>> /etc/cron.daily/logrotate: >>>>>> error: stat of /home/vmail/dovecot-deliver.log failed: Permission denied >>>>>> >>>>>> >>>>>> Owner on the log are vmail:vmail. If I manually force logrotate on this particular log, it works fine. >>>>>> >>>>>> >>>>>> Ethon > >