When configuring logrotate to trigger based on file size (size or maxsize), many administrators encounter the same fundamental misunderstanding: logrotate itself doesn't monitor files continuously. The rotation only occurs when logrotate is executed, typically through cron.
Your current configuration has two competing directives:
daily # Run rotation daily
size 250M # Rotate if over 250MBThe daily parameter means the rotation will only be attempted once per day during the normal logrotate cron job (usually in /etc/cron.daily/logrotate). At that time, it will check both conditions.
For true size-based rotation, you need to:
1. Remove the daily parameter
2. Create a dedicated cron entry for this logfile
Example crontab entry (run every 5 minutes):
*/5 * * * * /usr/sbin/logrotate /etc/logrotate.d/haproxy -fHere's an optimized configuration that handles both size and time-based rotation:
"/var/log/haproxy.log" {
size 250M
rotate 5
create 644 root root
missingok
compress
delaycompress
copytruncate
sharedscripts
postrotate
/usr/bin/systemctl reload haproxy >/dev/null 2>&1 || true
endscript
}This removes the daily restriction while maintaining all other functionality.
- The
copytruncatemethod may lose some logs during rotation - Frequent rotations increase I/O load
- Consider using
dateextfor clearer rotation naming
Force a test run with debug output:
logrotate -d /etc/logrotate.d/haproxyOr perform a dry-run:
logrotate -vf /etc/logrotate.d/haproxyWhen using logrotate with both daily and size/maxsize directives, many administrators encounter unexpected behavior. The configuration shown:
"/var/log/haproxy.log" {
daily
size 250M
rotate 1
create 644 root root
missingok
compress
notifempty
copytruncate
}has a fundamental limitation - the daily directive takes precedence over size-based rotation. This means logrotate will only check the file once per day (typically via cron.daily) regardless of size thresholds.
Option 1: Remove Daily and Use Custom Cron
First modify your configuration:
"/var/log/haproxy.log" {
size 250M
rotate 1
create 644 root root
missingok
compress
notifempty
copytruncate
}Then create a custom cron job (e.g., in /etc/cron.d/logrotate_haproxy):
*/30 * * * * root /usr/sbin/logrotate /etc/logrotate.d/haproxyOption 2: Use inotifywait for Real-Time Monitoring
For critical services needing immediate rotation:
#!/bin/bash
inotifywait -m /var/log -e modify |
while read path action file; do
if [[ "$file" = "haproxy.log" ]]; then
size=$(stat -c%s "/var/log/haproxy.log")
if [ $size -gt $((250*1024*1024)) ]; then
/usr/sbin/logrotate -f /etc/logrotate.d/haproxy
fi
fi
done1. maxsize vs size: Both work similarly but with different triggers:
- size: Rotates when log exceeds specified size at check time
- maxsize: Rotates when log might exceed size between checks
2. The copytruncate method may lose some log entries during rotation. For zero-loss solutions, consider using sharedscripts with service restarts.
3. For HAProxy specifically, you might want to add:
postrotate
/usr/bin/systemctl reload haproxy >/dev/null 2>&1 || true
endscript