Ubuntu
logrotate package

logrotate rotates logs before analysers can parse them

Bug #590342 reported by reini on 2010-06-06

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	logrotate (Ubuntu)	New	Undecided	Unassigned
Nominated for Lucid by reini

Bug Description

Binary package hint: logrotate

Since logrotate is called from anacron via the cron.daily directory, anything that is also located in that directory and has a name after "logrotate", won't be able to access the logs rotated by logrotate.

I want to generate reports about my local squid3 installation and the analysers I use are "srg" and "sarg". Since they are executed after logrotate, the squid3 log will be empty when they run, making the whole effort an exercise in futility and annoying me with emails such as this:

--------------------------------
/etc/cron.daily/sarg:
SARG: unexpected end of file encountered in /var/log/squid3/access.log
SARG: Keine Datensaetze gefunden
/etc/cron.daily/srg:
No logfile lines found to process!
run-parts: /etc/cron.daily/srg exited with return code 1
--------------------------------

To remedy this, /etc/cron.daily/logrotate should be run after all other files run by anacron.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: logrotate 3.7.8-4ubuntu2
ProcVersionSignature: Ubuntu 2.6.32-22.35-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic i686
Architecture: i386
Date: Sun Jun 6 10:37:50 2010
EcryptfsInUse: Yes
ProcEnviron:
LANGUAGE=
PATH=(custom, user)
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: logrotate

Tags:

Revision history for this message

reini (rrumberger) wrote on 2010-06-06:

Dependencies.txt Edit (867 bytes, text/plain; charset="utf-8")

Revision history for this message

Alain Reguera Delgado (areguera) wrote on 2015-01-26:

It is necessary to change the /etc/logrotate.d/squid3 file to rotate from daily to monthly so the /var/log/squid3/access.log file be present for a longer period of time and sarg can have more information to work with. In Ubuntu 14.04 LTS, /etc/logrotate.d/squid3 looks like the following:

/var/log/squid3/*.log {
        monthly
        compress
        delaycompress
        rotate 2
        missingok
        nocreate
        sharedscripts
        prerotate
                test ! -x /usr/sbin/sarg-reports || /usr/sbin/sarg-reports monthly
        endscript
        postrotate
                test ! -e /var/run/squid3.pid || test ! -x /usr/sbin/squid3 || /usr/sbin/squid3 -k rotate
        endscript
}

Note here that the rotation frequency (monthly in this case) must be provided as argument to sarg-reports command (it by default isn't and generates an issue) so logrotate and sarg be both consequent one another.