Rotating Monit logfile

[xy16644]

I seem to be having an issue with rotating my Monit logfiles with newsyslog. In /usr/local/etc/monitrc I have set:

set logfile syslog facility log_daemon
set logfile /var/log/monit/monit.log

In /etc/newsyslog.conf I have set:

/var/log/monit/monit.log  644  7  *  @T00  C

This is how my /var/log/monit directory looks:

-rw-r--r--  1 root  wheel  59B May  9 00:00 monit.log
-rw-r--r--  1 root  wheel  118B May  9 00:00 monit.log.0
-rw-r--r--  1 root  wheel  118B May  8 00:00 monit.log.1
-rw-r--r--  1 root  wheel  2.6K May  9 08:21 monit.log.2  <---- Only log with Monit entries in it
-rw-r--r--  1 root  wheel  117B May  6 00:00 monit.log.3
-rw-r--r--  1 root  wheel  99K May  6 20:37 monit.log.4

The ONLY file that is used for Monit logging is the monit.log.2 file. All the other log files just say:

May  9 00:00:00 mail newsyslog[30562]: logfile turned over

What am I doing wrong here?

 

[gkontos]

Nothing, monit did not log anything before the rotation so the only thing that you see is the message regarding the rotation.

 

[xy16644]

But when new entries are logged they are put into the monit.log.2 log file? Shouldn't they go into monit.log?

 

[xy16644]

If I run monit reload AFTER the log file has been rotated by newsyslog then monit starts to write log entries to monit.log rather than monit.log.2.

Is there a way to run monit reload after newsyslog has rotated the log file?

Looks like it might be a bug?

http://lists.nongnu.org/archive/html/monit-general/2007-07/msg00048.html

 

[gkontos]

You could do that from newsyslog.conf.

/var/log/monit/monit.log 644 7 * @T00 Z /var/run/monit/monit.pid

Assuming that /var/run/monit/monit.pid is valid.

 

[xy16644]

You could do that from newsyslog.conf.

/var/log/monit/monit.log 644 7 * @T00 Z /var/run/monit/monit.pid

Assuming that /var/run/monit/monit.pid is valid.

Thanks but I still don't seem to be having much luck with this!

I tried:

/var/log/monit/monit.log 644 7 * @T1238 Z /var/run/monit.pid

And the logfiles are still not rotating. Is there anything else I can try?

 

[gkontos]

Hm, does /var/run/monit.pid exists?

 

[xy16644]

Hm, does /var/run/monit.pid exists?

Yip!

(/support)$ ls /var/run/monit.pid
-rw-r--r--  1 root  wheel  6B May  9 12:21 /var/run/monit.pid

 

[gkontos]

Sorry, I can't think of anything else now

 

[xy16644]

Hehe, that makes two of us!

 

[junovitch@]

I thought I had something insightful because Nginx uses a different signal to reload log files. However, after looking at it that doesn't appear to be the case here. Either way, some education on what's going on:

newsyslog.conf(5)

signal_number
This optional field specifies the signal number that will be sent to the daemon process (or to all processes in a process group, if the U flag was specified). If this field is not present, then a SIGHUP signal will be sent.

I checked if my Monit was reloaded with a different signal by doing truss monit reload and got this output toward the end:

Reinitializing monit daemon
write(1,"Reinitializing monit daemon\n",28)    = 28 (0x1c)
stat("/var/run/monit.pid",{ mode=-rw-r--r-- ,inode=24509,size=6,blksize=32768 }) = 0 (0x0)
stat("/var/run/monit.pid",{ mode=-rw-r--r-- ,inode=24509,size=6,blksize=32768 }) = 0 (0x0)
open("/var/run/monit.pid",O_RDONLY,0666)    = 3 (0x3)
fstat(3,{ mode=-rw-r--r-- ,inode=24509,size=6,blksize=32768 }) = 0 (0x0)
read(3,"62384\n",32768)                = 6 (0x6)
close(3)                    = 0 (0x0)
getpgid(62384)                    = 62312 (0xf368)
kill(62384,SIGHUP)                = 0 (0x0)

I see that Monit is just reloaded using the standard SIGHUP so there is no need to specify it in the newsyslog.conf. So bottom line is what you are doing is correct.

Another helpful hint, you can keep things separated a bit cleaner on the newer releases that support the newsyslogd.conf.d construct with one like this in the case of Nginx.
/usr/local/etc/newsyslog.conf.d/nginx.conf

/var/log/nginx/*.log 644 7 * @T00 JG /var/run/nginx.pid 30

 

[xy16644]

Thanks for the reply!

I think:

/var/log/monit/monit.log  644  7  *  @T00  -  /var/run/monit.pid

seems to be working but I would like to let it run for a few more days. The logfile turned over at midnight and current events are being written to monit.log rather than monit.log.x. I'll check it again tomorrow.

On a slightly different (but related note) I am having a similar issue with the milter-greylist and clamav-milter logs.

In /etc/newsyslog.conf I have:

/var/log/milter-greylist/greylist.log  postfix:postfix  644  7  *  @T00  - /var/run/milter-greylist.pid
/var/log/clamav/clamav-milter.log  clamav:clamav  644  7  *  @T00  -  /var/run/clamav/clamav-milter.pid 1

but this morning it was logging current events to greylist.log.0 or clamav-milter.log.0 but after restarting both daemons it started logging to greylist.log or clamav-milter.log:

-rw-r--r--  1 clamav  clamav  1.5K May 10 15:00 clamav-milter.log
-rw-r--r--  1 clamav  clamav  1.6M May 10 02:14 clamav-milter.log.0

-rw-r--r--  1 postfix  postfix  7.7K May 10 15:21 greylist.log
-rw-r--r--  1 postfix  postfix  9.0K May 10 09:19 greylist.log.0

What is wrong with my /etc/newsyslog.conf entries for these logs?