When your Debian system stops rotating logs automatically while manual execution works perfectly (`/usr/sbin/logrotate -f /etc/logrotate.conf`), the root cause typically lies in one of these areas:
- Cron job misconfiguration
- Permission issues
- Missing include directives
- Incorrect logrotate state tracking
First, verify if the cron job exists and runs at the expected schedule:
```bash
# Check daily cron job
ls -l /etc/cron.daily/logrotate
# Verify cron service status
systemctl status cron
# Check last execution time (for systems with auditd and an audit rule keyed CRON)
ausearch -k CRON | grep logrotate | tail -n 5
```
Common permission-related failures include:
```bash
# Verify logrotate has execute permission
stat /usr/sbin/logrotate
# Check state file permissions
ls -l /var/lib/logrotate/status
# Test running as correct user
sudo -u root /usr/sbin/logrotate -d /etc/logrotate.conf
```
Your logrotate.conf should properly include configuration snippets:
```bash
# Check for proper includes
grep include /etc/logrotate.conf
# Verify individual config files
for f in /etc/logrotate.d/*; do echo "=== $f ==="; cat "$f"; done
```
Force a dry run with maximum verbosity:
```bash
/usr/sbin/logrotate -v -d /etc/logrotate.conf
```
Look for these critical messages:
- "Not rotating log" with reasons
- Permission denied errors
- Missing file warnings
When all else fails, this comprehensive fix usually works:
```bash
# 1. Clean state file
sudo rm /var/lib/logrotate/status
sudo touch /var/lib/logrotate/status
sudo chmod 644 /var/lib/logrotate/status
# 2. Recreate the cron job (tee runs as root; a plain "sudo cat >" redirect
#    would be opened by the calling user's shell and fail)
sudo tee /etc/cron.daily/logrotate > /dev/null << 'EOF'
#!/bin/sh
test -x /usr/sbin/logrotate || exit 0
/usr/sbin/logrotate /etc/logrotate.conf
EOF
# 3. Set executable bit
sudo chmod +x /etc/cron.daily/logrotate
# 4. Force immediate rotation
sudo /usr/sbin/logrotate -vf /etc/logrotate.conf
```
For systems where logs stop rotating after some time:
```bash
# Check for stuck processes
pgrep -fl logrotate
# Verify inode changes
watch -n 60 'ls -li /var/log/syslog /var/log/syslog.1'
```
Both my Debian systems (i386 and AMD architectures) exhibit identical log rotation failures. While manual execution succeeds with:
```bash
/usr/sbin/logrotate -f /etc/logrotate.conf
```
the automated rotation through cron fails consistently. Fresh installations show the same behavior, indicating this isn't configuration drift.
First verify cron is actually triggering logrotate:
```bash
sudo grep logrotate /var/log/syslog
# Or for systems using journalctl:
journalctl _COMM=cron | grep logrotate
```
The key indicators to check:
- Cron job execution timestamps
- Exit status codes
- Permission-related errors in logs
Your pastebin outputs reveal several critical points:
```bash
# Check logrotate's service status:
systemctl status logrotate.timer
# Verify cron.daily execution permissions:
ls -la /etc/cron.daily/logrotate
# Test forced daily run:
run-parts --test /etc/cron.daily
```
The core issue often lies in the daily cron script. Compare with this working version:
```bash
#!/bin/sh
# Exit quietly if the logrotate binary is missing or not executable
test -x /usr/sbin/logrotate || exit 0
/usr/sbin/logrotate /etc/logrotate.conf
```
Key requirements:
- Script must be executable (755 permissions)
- Must use absolute paths
- Should handle missing binaries gracefully
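A read-only audit of the conditions that make cron or logrotate skip work silently, as an added example that is not part of the original page. The function name and its two directory arguments are assumptions, chosen so it can be pointed at a test tree. It goes slightly beyond the list above by also flagging script names that `run-parts` will not execute and config files that logrotate ignores for being writable by group or others.

```shell
#!/bin/sh
# Added example (not from the original page). Reports why the daily cron run
# may never reach logrotate, or why logrotate may ignore a config file.
# Usage: audit_logrotate_setup [CRON_DIR] [CONF_DIR]   (defaults: Debian paths)

audit_logrotate_setup() {
    local cron_dir="${1:-/etc/cron.daily}"
    local conf_dir="${2:-/etc/logrotate.d}"
    local f findings=0 seen=0

    # run-parts only runs executable files whose names consist of letters,
    # digits, underscores and hyphens, so "logrotate.sh" is never executed.
    for f in "$cron_dir"/*logrotate*; do
        [ -e "$f" ] || continue
        seen=1
        if [ ! -x "$f" ]; then
            echo "NOT_EXECUTABLE $f"; findings=$((findings + 1))
        fi
        case "$(basename "$f")" in
            *[!A-Za-z0-9_-]*) echo "BAD_NAME $f"; findings=$((findings + 1)) ;;
        esac
    done
    if [ "$seen" -eq 0 ]; then
        echo "NO_CRON_SCRIPT $cron_dir"; findings=$((findings + 1))
    fi

    # logrotate ignores config files that are writable by group or others.
    for f in "$conf_dir"/*; do
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" -maxdepth 0 -perm /022)" ]; then
            echo "WRITABLE_CONFIG $f"; findings=$((findings + 1))
        fi
    done

    # Exit status 0 only when nothing was reported
    [ "$findings" -eq 0 ]
}
```

The function prints one line per finding and returns non-zero if there is any, so it can run from a monitoring check without modifying the system.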
Create a test cron job to capture detailed output:
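```bash
# Temporary debug job: /etc/cron.d entries need a schedule and a user field.
# Runs every 5 minutes as root; output goes to a root-owned directory, not /tmp.
echo "*/5 * * * * root /usr/sbin/logrotate -v /etc/logrotate.conf > /var/log/logrotate.debug 2>&1" | sudo tee /etc/cron.d/logrotate_test
sudo chmod 600 /etc/cron.d/logrotate_test
# Remove /etc/cron.d/logrotate_test once the output has been captured
```
Wait for cron execution. Files in /etc/cron.d are crontab entries, not scripts, so `run-parts` cannot trigger them; to reproduce the run immediately, execute the same command by hand in a cron-like minimal environment:
```bash
sudo env -i PATH=/usr/bin:/bin /bin/sh -c '/usr/sbin/logrotate -v /etc/logrotate.conf > /var/log/logrotate.debug 2>&1'
```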
Based on your configuration, implement these fixes:
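```bash
# 1. Fix include directory permissions
sudo chmod 755 /etc/logrotate.d
# 2. Ensure config files are root-owned and not writable by group or others
#    (logrotate ignores files that are; configs are not scripts and need no shebang)
sudo chown root:root /etc/logrotate.d/*
sudo chmod 644 /etc/logrotate.d/*
# 3. Test with minimum config (remove it afterwards: a second stanza for a log
#    that another file already covers is reported as a duplicate log entry)
echo "/var/log/syslog {
    rotate 7
    daily
}" | sudo tee /etc/logrotate.d/test
```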
For modern Debian systems, consider using systemd timers:
```bash
# Enable the built-in timer
sudo systemctl enable logrotate.timer
sudo systemctl start logrotate.timer
# Verify timer status
systemctl list-timers | grep logrotate
```
After applying fixes, verify with:
```bash
# Check last rotation date
ls -l /var/log/syslog*
# Force cron execution and verify
sudo /etc/cron.daily/logrotate
sudo cat /var/lib/logrotate/status
```
Implement this simple check in your monitoring system:
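```bash
#!/bin/bash
# Check if logs rotated in last 26 hours
current_date=$(date +%s)
# Status lines look like: "/var/log/syslog" 2024-1-15-6:25:1 (older versions omit the time).
# Match the exact path so other entries containing "syslog" are not picked up.
stamp=$(awk '$1 == "\"/var/log/syslog\"" {print $2}' /var/lib/logrotate/status 2>/dev/null)
# Turn Y-M-D-H:M:S into "Y-M-D H:M:S" so date(1) can parse it
last_rotated=$(date -d "$(echo "$stamp" | sed 's/^\([0-9]*-[0-9]*-[0-9]*\)-/\1 /')" +%s 2>/dev/null)
# An empty stamp must be treated as a failure: date -d "" would silently return today
if [ -z "$stamp" ] || [ -z "$last_rotated" ] || [ $((current_date - last_rotated)) -gt 93600 ]; then
    echo "CRITICAL: Log rotation failure detected"
    exit 2
fi
```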