Closed katzeprior closed 2 years ago
Hello @katzeprior !
Are you using crowdsec's built-in log rotation or the logrotate daemon from the system?
I have no idea, is there a way to check this?
you can check /etc/logrotate.d/
files if it's the logrotate from the system. If it's crowdsec doing its own logrotate, it will be in https://doc.crowdsec.net/docs/next/configuration/crowdsec_configuration#common by using the dedicated directives
@buixor Its the system doing the logrotate. Will close the issue because I will be reinstalling my system next vacation so its clean and will reopen if it ever happens again.
$ cat /etc/logrotate.d/crowdsec
/var/log/crowdsec.log
/var/log/crowdsec_api.log
{
rotate 4
daily
compress
missingok
notifempty
}
What happened?
Every midnight my server puts
crowdsec.log
intocrowdsec.log.1.gz
and creates a newcrowdsec.log
file but doesn't write any logs to it, only after a restart of crowdsec it starts writing again.What did you expect to happen?
I expected it to don't do logrotation because I never noticed it before or for it to write to the new log file.
How can we reproduce it (as minimally and precisely as possible)?
I have no idea, hard to test because it only happens at midnight.
Anything else we need to know?
No response
Crowdsec version
OS version
Enabled collections and parsers
Acquisition config
Config show
Prometheus metrics
Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.