How to Exclude Specific Files from Wildcard Patterns in Logrotate Configurations


3 views

When managing log files with logrotate, a common challenge arises when you need to apply different configurations to most files matching a pattern while requiring special treatment for a few exceptions. The intuitive approach of defining both wildcard and specific configurations results in the "duplicate log entry" error.

Logrotate processes configurations sequentially and cannot natively support configuration inheritance or override mechanisms. When a specific file matches multiple patterns (both wildcard and explicit), it triggers the duplicate entry protection.

Here are three effective approaches to handle this scenario:

Solution 1: Directory Structure Reorganization

Restructure your logging directories to separate special cases:

/var/log/mylogs/standard/*.log {
    size 1000k
    copytruncate
    create 0644 root root
    rotate 99
    compress
    missingok
}

/var/log/mylogs/special/thatonespecial.log {
    size 1000k
    copytruncate
    create 0644 myuser mygroup
    rotate 99
    compress
    missingok
}

Solution 2: Filename Pattern Exclusion

Use a more precise wildcard pattern that excludes your special cases:

/var/log/mylogs/[!t]*.log {
    # Standard configuration
}

/var/log/mylogs/thatonespecial.log {
    # Special configuration
}

Solution 3: Multiple Config Files with Include

Split configurations into separate files and use include:

# /etc/logrotate.d/mylogs_standard
/var/log/mylogs/*.log {
    size 1000k
    copytruncate
    create 0644 root root
    rotate 99
    compress
    missingok
    # Exclude special cases
    olddir /var/log/mylogs/special
    exclude /var/log/mylogs/special/*
}

# /etc/logrotate.d/mylogs_special
/var/log/mylogs/special/thatonespecial.log {
    size 1000k
    copytruncate
    create 0644 myuser mygroup
    rotate 99
    compress
    missingok
}
  • Always test configurations with logrotate -d (dry run) before deployment
  • Consider file naming conventions that support easy pattern matching
  • Document special cases clearly in configuration comments
  • For extremely complex scenarios, consider pre/post rotate scripts

For maximum flexibility, use prerotate scripts to implement custom logic:

/var/log/mylogs/*.log {
    size 1000k
    copytruncate
    create 0644 root root
    prerotate
        # Custom script to handle special cases
        if [ "$1" = "thatonespecial.log" ]; then
            chown myuser:mygroup "$1"
        fi
    endscript
    rotate 99
    compress
    missingok
}

When managing numerous log files with similar rotation requirements, wildcard patterns in logrotate configurations are incredibly useful. However, a common challenge arises when you need to make exceptions for specific files within that wildcard pattern.

# This won't work due to duplicate entry error
/var/log/app/*.log {
    size 50M
    rotate 7
    compress
}

/var/log/app/special.log {
    size 100M
    rotate 30
    compress
}

Logrotate processes configurations sequentially and treats each entry independently. When a specific file matches multiple patterns (both wildcard and explicit), it triggers the "duplicate log entry" error. This is a design limitation to prevent ambiguous rotation behaviors.

1. Directory Structure Separation

The most reliable approach is to organize logs into separate directories based on their rotation requirements:

/var/log/app/standard/*.log {
    size 50M
    rotate 7
}

/var/log/app/special/*.log {
    size 100M
    rotate 30
}

2. Negative Pattern Matching with Bash Globbing

For systems using newer versions of logrotate with extended globbing support:

/var/log/app/!(special.log) {
    size 50M
    rotate 7
}

/var/log/app/special.log {
    size 100M
    rotate 30
}

3. Multiple Configuration Files

Split configurations into separate files and control loading order:

# /etc/logrotate.d/app-common
/var/log/app/*.log {
    size 50M
    rotate 7
}

# /etc/logrotate.d/app-special (loaded later)
/var/log/app/special.log {
    size 100M
    rotate 30
}

Using Scripts in Postrotate

For complex scenarios, you can handle exceptions in postrotate scripts:

/var/log/app/*.log {
    size 50M
    rotate 7
    sharedscripts
    postrotate
        # Special handling for specific files
        if [ -f "/var/log/app/special.log" ]; then
            chown specialuser:specialgroup /var/log/app/special.log*
        fi
    endscript
}

Combining Multiple Directives

For simple attribute differences, combine directives:

/var/log/app/*.log {
    size 50M
    rotate 7
    create 644 appuser appgroup
    
    # Override for special file
    if /var/log/app/special.log {
        create 640 specialuser specialgroup
        size 100M
        rotate 30
    }
}

Note: The "if" directive syntax shown above isn't native to logrotate but represents the conceptual approach some administrators implement through creative configuration.

For production systems, the directory separation method (Solution 1) is generally the most maintainable and least prone to errors. It provides clear visibility into which files receive which rotation treatment and scales well as exception cases grow.