While implementing the function to get the Samba audit log with rsyslog, the log file was not updated after logrotate and it got stuck for a moment, so I will share the solution.
Configuration:

`/etc/rsyslog.d/sample.conf`

```
local5.* /mnt/system/logs/samba/audit.log;RSYSLOG_FileFormat
```

`/etc/logrotate.d/sample`

```
/mnt/system/logs/samba/audit.log {
    create 0644 syslog adm
    ifempty
    dateext
    dateformat .%Y-%m-%d
    maxsize 5G
    missingok
    compress
    monthly
    rotate 12
}
```
As mentioned above, when logging with rsyslog, the log file is no longer updated after logrotate is executed.
After logrotate was run, `systemctl restart rsyslog` fixed it. This was solved by automating with **postrotate** of logrotate as follows.
/etc/logrotate.d/sample
/mnt/system/logs/samba/audit.log {
create 0644 syslog adm
ifempty
dateext
dateformat .%Y-%m-%d
maxsize 5G
missingok
compress
monthly
rotate 12
+ postrotate
+ /bin/systemctl restart rsyslog
+ endscript
}
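Review bot: the added `/bin/systemctl restart rsyslog` in `postrotate` restarts the whole daemon on every rotation, although only the output file has to be reopened. rsyslog closes and reopens its output files on SIGHUP, so `/bin/systemctl kill -s HUP rsyslog.service` in the same place would be enough and leaves the daemon running. In the unchanged context of the same stanza, `create 0644 syslog adm` makes the Samba audit log world-readable; `0640` would restrict it to the `syslog` user and the `adm` group.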
The syntax is a little unusual. Don't forget the `endscript`.
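Why the restart is needed, as an added example (not code from the original post): with `create` and no `copytruncate`, logrotate renames the file and creates a new one, while a writer that keeps its descriptor open goes on writing to the renamed inode. The temporary directory, file names and log lines are constructed for the demonstration.

```python
import os
import tempfile


def same_file(fd, path):
    """True when the open descriptor and the path name the same inode."""
    try:
        on_disk = os.stat(path)
    except FileNotFoundError:
        return False
    held = os.fstat(fd)
    return (held.st_dev, held.st_ino) == (on_disk.st_dev, on_disk.st_ino)


def simulate_rotation(workdir):
    """Rotate by rename + create while a writer keeps its descriptor open."""
    live = os.path.join(workdir, "audit.log")
    rotated = live + ".2024-01-01"  # constructed name in the dateext style
    fd = os.open(live, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o644)
    os.write(fd, b"before rotation\n")

    # logrotate without copytruncate: rename the file, then 'create' a new one
    os.rename(live, rotated)
    os.close(os.open(live, os.O_WRONLY | os.O_CREAT, 0o644))

    stale = not same_file(fd, live)
    os.write(fd, b"written after rotation\n")  # follows the inode, not the name
    live_size_before_reopen = os.path.getsize(live)

    # restarting the writer amounts to closing and reopening by path
    os.close(fd)
    fd = os.open(live, os.O_WRONLY | os.O_APPEND)
    os.write(fd, b"written after reopen\n")
    reattached = same_file(fd, live)
    os.close(fd)

    with open(rotated, "rb") as f:
        rotated_data = f.read()
    with open(live, "rb") as f:
        live_data = f.read()
    return {"stale": stale, "live_size_before_reopen": live_size_before_reopen,
            "reattached": reattached, "rotated": rotated_data, "live": live_data}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for key, value in simulate_rotation(d).items():
            print(f"{key}: {value!r}")
```

The same inode comparison works as a health check on a real host: if the descriptor the daemon holds and the configured path no longer match, audit records are not reaching the live file.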
That's all!