Logrotate Errors — Log Rotation Configuration and Permission Failures on Linux
About Logrotate Errors
Fix Linux logrotate errors including configuration syntax failures, permission denied during rotation, and logs not being rotated as expected. This guide covers everything you need to know about this topic, including common causes, step-by-step solutions, and answers to frequently asked questions.
Here are the key things to understand: Logrotate manages log file rotation, compression, and deletion based on configuration rules. Configuration files: /etc/logrotate.conf (global) and /etc/logrotate.d/ (per-application). Logrotate runs daily via systemd timer or cron — check scheduling if logs are not rotating. The 'copytruncate' directive is needed for applications that hold log files open (cannot be renamed). SELinux contexts on log files can prevent logrotate from operating correctly. Understanding these fundamentals will help you diagnose and resolve this issue more effectively.
The most common reasons this occurs include: Configuration syntax error preventing logrotate from processing rules. Logrotate cron job or systemd timer not running. Permission issues — logrotate running as root but log files owned by application user. Application holding log file open — rename-based rotation creates a new file the app does not write to. Identifying the root cause is the first step toward finding the right solution.
To resolve this, follow these recommended steps: Test configuration: 'logrotate -d /etc/logrotate.conf' to debug without actually rotating. Force rotation: 'logrotate -f /etc/logrotate.d/myapp' to test rotation immediately. Check the timer: 'systemctl status logrotate.timer' or 'cat /etc/cron.daily/logrotate'. Use 'copytruncate' for apps that hold files open: it copies the log and truncates the original in place. Fix SELinux: 'restorecon -rv /var/log/myapp/' to reset log file security contexts. If these steps do not resolve the issue, consider consulting additional resources or a qualified professional.
This article is part of our Linux Error Codes collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.
Quick Answer
When should I use copytruncate vs create?
Use 'create' (default) when the application can reopen log files after rotation (e.g., via SIGHUP). Use 'copytruncate' when the application keeps the log file open and cannot be signaled to reopen.
Overview
Fix Linux logrotate errors including configuration syntax failures, permission denied during rotation, and logs not being rotated as expected.
Key Details
- Logrotate manages log file rotation, compression, and deletion based on configuration rules
- Configuration files: /etc/logrotate.conf (global) and /etc/logrotate.d/ (per-application)
- Logrotate runs daily via systemd timer or cron — check scheduling if logs are not rotating
- The 'copytruncate' directive is needed for applications that hold log files open (cannot be renamed)
- SELinux contexts on log files can prevent logrotate from operating correctly
Common Causes
- Configuration syntax error preventing logrotate from processing rules
- Logrotate cron job or systemd timer not running
- Permission issues — logrotate running as root but log files owned by application user
- Application holding log file open — rename-based rotation creates a new file the app does not write to
Steps
- 1Test configuration: 'logrotate -d /etc/logrotate.conf' to debug without actually rotating
- 2Force rotation: 'logrotate -f /etc/logrotate.d/myapp' to test rotation immediately
- 3Check the timer: 'systemctl status logrotate.timer' or 'cat /etc/cron.daily/logrotate'
- 4Use 'copytruncate' for apps that hold files open: it copies the log and truncates the original in place
- 5Fix SELinux: 'restorecon -rv /var/log/myapp/' to reset log file security contexts