I've the following logs rotation set up in the OS for nginx's and modsec's logs, and it works for nginx's logs but not for modsec's. The result for modsec is that, it made a copy for the log file but it keeps on writing to the old one as followed:
-rw-r--r-- 1 root root 26996998524 Apr 30 12:00 modsec_debug.log.1
drwxr-xr-x 3 root root 4096 Apr 29 10:31 .
-rw-r--r-- 1 root root 0 Apr 29 10:31 modsec_debug.log
Can someone please tell me what I've missed? Other than 'kill -USR1 cat /var/run/nginx.pid', should I run something else?
Please note that the nginx is running inside a container and I have this volume mapping: /var/log/nginx:/usr/local/openresty/nginx/logs
Other info: openresty: 1.13.6.2 Modsec: 3.0.3 Os version: Ubuntu 18.04.3 LTS
/var/log/nginx/*.log {
daily
missingok
rotate 14
compress
delaycompress
notifempty
create 0640 root root
maxsize 500M
minsize 500M
sharedscripts
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi \
endscript
postrotate
docker exec www-proxy /bin/sh -c 'kill -USR1 `cat /var/run/nginx.pid`'
endscript
}
/var/log/nginx/modsec/*.log {
daily
missingok
rotate 14
compress
delaycompress
notifempty
create 0640 root root
maxsize 500M
minsize 500M
sharedscripts
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi \
endscript
postrotate
docker exec www-proxy /bin/sh -c 'kill -USR1 `cat /var/run/nginx.pid`'
endscript
}
Thanks.
As stated Here
you have to reload configs. For that you can use a restart/reload for web server or you can use
option in logrotate instead of create