[CentOS] ElasticSearch Logrotate not working

Thomas Eriksson thomas.eriksson at slac.stanford.edu
Thu Jul 28 18:06:40 UTC 2016


On 07/28/2016 07:40 AM, Tim Dunphy wrote:
> Hey guys,
> 
>  I have this log rotation script setup in my /etc/logrotate.d folder
> 
> /var/log/elasticsearch/*.log {
>     daily
>     rotate 100
>     size 50M
>     copytruncate
>     compress
>     delaycompress
>     missingok
>     notifempty
>     create 644 elasticsearch elasticsearch
> }
> 
> And I notice that log files are still being generated that are upwards of 7
> or 8 GBs. Can anyone point out to me where the script is going wrong, and
> why log files for ES are growing so incredibly big? I would think that
> having that logrotate script in place should solve that problem.
> 
> Thanks,
> Tim
> 

Tim,

First, logrotate only checks the state of the logfiles once a day, so
if your log grows to 8GB in a day, it has no chance to do anything
about it.

Second, elasticsearch is using log4j to control its logs. It has its
own naming and rotation rules and should not need to involve logrotate
at all. See /etc/elasticsearch/logging.yml

Third, if you generate that much logging in a day, maybe lowering the
loglevel, or perhaps there is a problem that should be fixed.

-Thomas





More information about the CentOS mailing list