I have rsyslog running in an podman container. It is receiving logs and writing them to a mounted directory on the host. The rotation of this log files in done on the host, but for some reason logrotate fails
Mar 22 03:13:01 mars logrotate[42141]: ALERT exited abnormally with [1]
I checked SELinux, but audit log doesn't show anything.
This is the logrotate config:
/var/log/fw.log {
compress
compresscmd /bin/xz
uncompresscmd /bin/unxz
compressext .xz
dateext
maxage 1
rotate 1
daily
notifempty
missingok
create 0660 fluent fluent
sharedscripts
postrotate
/bin/podman exec rsyslog-f5 /usr/bin/killall -HUP || false
endscript
}
After the rotation, the file is copied to e.g. /var/log/fw.log-20230322, but rsyslog is not starting to write to the new file. If I run /bin/podman exec rsyslog-f5 /usr/bin/killall -HUP as root it works properly.
I already tried to add some debug output to the postrotate script
postrotate
/bin/podman exec rsyslog-f5 /usr/bin/killall -HUP rsyslogd 2>&1 > /tmp/postrotate.log || false
endscript
but /tmp/postrotate.log was empty.
A dry run with logrotate -d /etc/logrotate.d/fwlogs doesn't show any errors.