Logrotate error

[xgeek]

Hi Guys,

I am hoping someone can help me with the following error I get with the logrotate script.

My server is a less that a month old and everything is working well except the logrotate cron job.

Okay here is what is going on:-

logrotate gets run every day via cron.
The contents of my logrotate.conf is :-

Code:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

I guess this will change my logs once a week.

Now when the week is up and my logs are due to be rotated. I get this error:-

Code:

error: error running shared postrotate script for /var/log/httpd/access_log /var/log/httpd/agent_log /var/log/httpd/error_log /var/log/httpd/referer_log
error: error running postrotate script
error: error running postrotate script
error: error running shared postrotate script for /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron

If I check my logs, they have been incremented okay i.e. secure becomes secure.1
But the problem is that after the rotation the server writes the logs to the .1 file and not the secure file and the secure file stays at 0 bytes.

Note this is the same for all log files.

So basically although the logs do get rotated, the server writes to the .1 log after rotation and not the newly created log.

If I reboot the server all the logs are written to the base log files again untill the following week when it happens again.

Why on logrotation does the server not write to the new logs?

Many thanks with any help.

[xgeek]

Hmm Okay I found that the cause of this error is because my /tmp partition is mounted noexec

If I set /tmp to allow binary execution it works fine.

I guess Logrotate writes a script to /tmp? and if this partion is set to noexec it fails?

Okay what do I do now most security advice on the web states that /tmp should be set to noexec?
Do I leave it set so binaries can run or can I set another place that logrotate writes it's temp script too?

Many thanks

[peterhou]

I've the same ploblem:
the log file shows:server logrotate: ALERT exited abnormally with [1]
and my /tmp partition is mounted noexec also.
But all the log files seems can show new logs.
Anybody can explans how logrotate work?

Regards
peter

[t.bloo]

I have the same on Fedora 3. http.log and message.log etcetera get empty and the logging continues in the .1, .2, .3, .4 files.

I get these errors mailed:

Code:

/etc/cron.daily/logrotate:

error: error running shared postrotate script for /var/log/httpd/access_log /var/log/httpd/agent_log /var/log/httpd/error_log /var/log/httpd/referer_log 
error: error running shared postrotate script for /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron

Has anybody a how-to to change this behaviour? Mounting /tmp differently is not exactly a solution I think.

Sending sighup to syslogd will do the trick but that's also not very well...

[jlasman]

Mounting /tmp noexec shouldn't cause any problems with logrotate, but if it doesn, you can always remount /tmp just before and again just after, logrotation.

Jeff

[genexis]

Hi this is the problem i am facing. I'm using CenOS 4.3 on DA 1.266 with an almost clean install and i followed all the partitions required. my /tmp is mounted with noexec also.

Now, my logs do rotate, but they are not updated on the new files. For example,

in /var/log, the file "messages" has been rotated 2 times.
So i have
messages
messages.1
messages.2

However, new logs are still input into messages.2, and it is becoming very big. messages and messages.1 are both 0kb.
Anybody knows of a solution to this problem ?


All other files are having the same issue, such as apf, cron etc.. However, files which are in a directory it self, such as httpd, exim are working fine.

my /etc/logrotate.conf and /etc/logrotate.d has not been touched since installation.
In my log files i found this:

[root@nexus log]# grep ALERT *
messages.2:May 7 04:02:53 nexus logrotate: ALERT exited abnormally with [1]
messages.2:May 14 04:02:07 nexus logrotate: ALERT exited abnormally with [1]
[root@nexus log]#



[root@nexus log]# ls -la|grep messages
-rw------- 1 root root 0 May 14 04:02 messages
-rw------- 1 root root 0 May 7 04:02 messages.1
-rw------- 1 root root 37391817 May 16 14:34 messages.2
[root@nexus log]#



anybody ?

[genexis]

hello, need some help, still can't solve it.

[toml]

If you mount /tmp with noexec, then logrotate can't create their temporary script and execute it. The way to fix this, is to set the enviroment variable TMPDIR to a directory that does have execute permissions. Just add

Code:

TMPDIR=/path_to_some_dir_with_exec_perms
export TMPDIR

to the file /etc/cron.daily/logrotate, before it executes logrotate. This will tell logrotate to use the $TMPDIR directory for creating and executing temporary scripts.

The reason the .1 or .2 files are still being logged to, is that the script couldn't execute and send the signal to the process. It is still logging to the original inode, which never changed, only the filename changed.

[genexis]

hi, thanks for the reply
now my /etc/cron.daily/logrotate looks like this:

#!/bin/sh
TMPDIR=/var/tmp
export TMPDIR
/usr/sbin/logrotate /etc/logrotate.conf
TMPDIR=/tmp
export TMPDIR

EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0


doi need to export back to the old /tmp ? Is the above correct ?

[toml]

You don't have to reset it back to /tmp, it is not needed. It won't hurt though.

[computerlady911]

I did this. Now I have a question. I want my /tmp to be mounted noexec. Does this just undo that for this script, or does it undo it for everything?

[toml]

Quote:

Originally Posted by computerlady911

I did this. Now I have a question. I want my /tmp to be mounted noexec. Does this just undo that for this script, or does it undo it for everything?

I am not sure what you mean by undo. The changes mentioned above, are needed for those that mount /tmp noexec, and run logrotate. Since logrotate needs to execute some scripts that are created dynamically, it needs a new location to do it in, and that is where TEMPDIR comes in. This change only affects logrotate.

[computerlady911]

Great. I just wanted to be sure that my /tmp dir remains mounted noexec.

[transix]

I'm also getting a logrotate error on one of our Direct Admin webservers.
I think this is the same problen as the topicstarter.

Here is the error:

Code:

/etc/cron.daily/logrotate:

error: error running shared postrotate script for /var/log/httpd/access_log
/var/log/httpd/agent_log /var/log/httpd/error_log /var/log/httpd/referer_log
/var/log/httpd/suexec_log
error: error running postrotate script
error: error running postrotate script
error: error running postrotate script
error: error running shared postrotate script for /var/log/messages
/var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log
/var/log/cron
/etc/cron.daily/prelink:

/etc/cron.daily/prelink: line 47: 17595 Aborted
/usr/sbin/prelink -av $PRELINK_OPTS >>/var/log/prelink.log 2>&1

I also mounted /tmp with noexec
Do I have to chance /etc/cron.daily/logrotate into the following?:

Code:

#!/bin/sh

TMPDIR=/var/tmp
export TMPDIR

/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0

Awaiting you response...

Mark

[Lazypete]

If I may introduce to your attention this fact

If you use this

Code:

#!/bin/sh

TMPDIR=/var/tmp
export TMPDIR

/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0

This will change your tmp dir for everything, not just logrotate.
But if you simply do this

Code:

#!/bin/sh

TMPDIR=/var/tmp /usr/sbin/logrotate /etc/logrotate.conf

EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0

This will not change the value of TMPDIR except for the shell that execute logrotate. So no other application will be affected.

Remember that if you boot your server TMPDIR will be set to /tmp
when logrotate execute you will change the value of TMPDIR
and since you export it, it will be changed until a reboot.
(or until you change it again)

Which you probably dont want.

You can test this with this simple script, see for youself

Code:

#!/bin/sh

echo "Setting SOMEVARZ to a value"

SOMEVARZ=value; export SOMEVARZ

echo "Whats the value of SOMEVARZ?"
env | grep SOME

echo "No teporarily set this var for a subshell and see"
SOMEVARZ=other env | grep SOMEVARZ

echo "What value is it now?"
env | grep SOMEVARZ

SOMEVARZ=

exit 0