Console9

Logrotate: logs are not rotating

Diagnose and fix Logrotate when log files stop rotating due to incorrect permissions, ownership, missing cron jobs, or state file issues.

Logrotate silently skips log files when configuration file permissions, ownership, cron scheduling, or state file entries prevent rotation from executing.

When Logrotate Produces This Error

Logrotate does not produce an explicit error message when logs stop rotating. The symptom is that log files grow continuously without being rotated, compressed, or deleted. Administrators notice the issue when disk usage spikes or when ls -la /var/log/ shows log files with large sizes and old timestamps.

Logrotate may also skip rotation silently when its state file records a recent rotation timestamp even though the actual rotation did not complete. Run logrotate -d /etc/logrotate.conf to see whether Logrotate considers each file eligible for rotation.

What Causes Logs Not Rotating in Logrotate

Configuration File Permissions

Logrotate refuses to process configuration files in /etc/logrotate.d/ that have incorrect permissions. Logrotate requires configuration files to be owned by root and to have permissions no more permissive than 0644. If the file is world-writable or owned by a non-root user, Logrotate skips it without rotating the associated log files.

Missing or Disabled Cron Job

Logrotate relies on cron or systemd timers to trigger execution. Without the daily cron job at /etc/cron.daily/logrotate or the systemd timer logrotate.timer, Logrotate never runs. This causes all log files to grow indefinitely.

State File Issues

Logrotate records the last rotation timestamp for each log file in its state file at /var/lib/logrotate/status. If this file becomes corrupted, contains future dates, or is missing, Logrotate may skip rotation because it calculates that the interval has not elapsed.

Incorrect Log File Path Pattern

Logrotate only processes files matching the path pattern in the configuration block. If the path pattern does not match the actual log file location, Logrotate finds no files to rotate. Wildcards like *.log match only files ending in .log and not files without an extension.

How to Fix Logs Not Rotating in Logrotate

  1. Set root ownership on the Logrotate configuration file for the target application:

    sudo chown root:root /etc/logrotate.d/{YOUR_APP}

  2. Set secure permissions on the configuration file. Logrotate requires 0644 or more restrictive:

    sudo chmod 644 /etc/logrotate.d/{YOUR_APP}

  3. Verify the cron job exists and the cron daemon is running:

    ls -la /etc/cron.daily/logrotate
systemctl status cron

    On RHEL-based systems, check systemctl status crond instead.

    If the system uses systemd timers instead of cron, verify the timer is active:

    systemctl status logrotate.timer

  4. Check the Logrotate state file for correct timestamps:

    cat /var/lib/logrotate/status

    If entries show future dates or corrupted data, delete the state file. Logrotate recreates it on the next run:

    sudo rm /var/lib/logrotate/status

  5. Run Logrotate in debug mode to identify the exact reason it skips each file:

    sudo logrotate -d /etc/logrotate.conf

    Logrotate prints whether each file matches, meets size or time conditions, and whether any directives cause it to skip rotation.

  6. Force a rotation to confirm the fix works:

    sudo logrotate -vf /etc/logrotate.conf

How to Verify the Fix

Logrotate should create rotated copies on the next run. Check the log directory:

ls -la /var/log/{YOUR_APP}/

Rotated files (e.g., access.log.1 or access.log-20260308.gz) confirm that rotation works. Check the Logrotate state file to verify updated timestamps:

cat /var/lib/logrotate/status

Edge Cases and Variations

Logrotate skips files with notifempty when logs are empty.If the log file has zero bytes, Logrotate honors the notifempty directive and skips rotation. This is correct behavior, not a bug. Remove notifempty if you want Logrotate to rotate empty files.

Logrotate skips files that do not meet the size threshold.The size, minsize, and maxsize directives prevent rotation until the file reaches the configured size. Check the file size against the configured threshold.

Logrotate runs but the su directive is missing.When log directories are owned by a non-root user, Logrotate may lack permission to rename or create files. Add su {user} {group} to the configuration block to tell Logrotate to switch to the correct user before rotating.

Duplicate log entries across configuration files.Logrotate skips files that appear in more than one configuration block. Check for duplicate path patterns across /etc/logrotate.conf and /etc/logrotate.d/.

Logrotate: Permission denied-- often caused by the same ownership and permission issues that prevent rotation.

Logrotate: lines must begin with a keyword or a filename-- a configuration syntax error that stops Logrotate from processing the file entirely.

© 2026 - Console9