The global channel expect a logrotate rule at /etc/logrotate.d/vyos-rsyslog but that file is currently an empty file with a line of comment which cause rsyslog just stop working because it doesn’t know how to rotate that file.
@c-po after the latest change, I am getting the following:
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 131, in <module>
c = get_config()
^^^^^^^^^^^^
File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 87, in get_config
syslog[tmp_config][tmp]['facility'][facility])
~~~~~~^^^^^^^^^^^^
TypeError: unhashable type: 'dict'
This happens as soon as I try to commit the following:
set system syslog host *redacted ip* facility kern level 'warning'
set system syslog host *redacted ip* protocol 'tcp'
set system syslog host *redacted ip* port '6001'
set system syslog host *redacted ip* format 'octet-counted'
@c-po@jestabro Sadly the issue of logrotate is not fixed.
The error message of rsyslog.service shows:
Jul 18 08:48:51 gateway rsyslogd[6560]: program '/usr/sbin/logrotate' (pid 6911) exited with status 1 [v8.2302.0]
Jul 18 08:48:51 gateway rsyslogd[6560]: file size limit cmd for file '/var/log/messages' did no resolve situation [v8.2302.0]
For some reason the generated /etc/rsyslog.d/00-vyos.conf is this:
# We always log to /var/log/messages
$outchannel global,/var/log/messages,262144,/usr/sbin/logrotate
*.info;local7.debug :omfile:$global
instead of this like it used to be:
# We always log to /var/log/messages
$outchannel global,/var/log/messages,262144,/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog
*.info;local7.debug :omfile:$global
To reproduce this easily, I think you should just make your most active firewall rule like WAN outgoing to enable-default-log and this issue will immediately happen after the /var/log/messages hit 256KB
Thanks again, @budimanjojo , as you pointed out, there was a missing argument in the revised template file; that fix has been pushed to current. Note that this should resolve the logrotate issue, however one will see an unrelated, non-fatal, error message in journald regarding task ⚓ T5366 syslog: remove outdated reference to sysvinit rsyslog file in logrotate template. The latter is a trivial fix, pending some review.