# Rotating Monit logfile



## xy16644 (May 9, 2015)

I seem to be having an issue with rotating my Monit logfiles with newsyslog. In /usr/local/etc/monitrc I have set:


```
set logfile syslog facility log_daemon
set logfile /var/log/monit/monit.log
```

In /etc/newsyslog.conf I have set:


```
/var/log/monit/monit.log  644  7  *  @T00  C
```

This is how my /var/log/monit  directory looks:


```
-rw-r--r--  1 root  wheel  59B May  9 00:00 monit.log
-rw-r--r--  1 root  wheel  118B May  9 00:00 monit.log.0
-rw-r--r--  1 root  wheel  118B May  8 00:00 monit.log.1
-rw-r--r--  1 root  wheel  2.6K May  9 08:21 monit.log.2  <---- Only log with Monit entries in it
-rw-r--r--  1 root  wheel  117B May  6 00:00 monit.log.3
-rw-r--r--  1 root  wheel  99K May  6 20:37 monit.log.4
```

The ONLY file that is used for Monit logging is the monit.log.2 file. All the other log files just say:


```
May  9 00:00:00 mail newsyslog[30562]: logfile turned over
```

What am I doing wrong here?


----------



## gkontos (May 9, 2015)

Nothing, monit did not log anything before the rotation so the only thing that you see is the message regarding the rotation.


----------



## xy16644 (May 9, 2015)

But when new entries are logged they are put into the monit.log.2 log file? Shouldn't they go into monit.log?


----------



## xy16644 (May 9, 2015)

If I run `monit reload` AFTER the log file has been rotated by newsyslog then monit starts to write log entries to monit.log rather than monit.log.2.

Is there a way to run `monit reload` after newsyslog has rotated the log file?

Looks like it might be a bug?

http://lists.nongnu.org/archive/html/monit-general/2007-07/msg00048.html


----------



## gkontos (May 9, 2015)

You could do that from newsyslog.conf.

```
/var/log/monit/monit.log 644 7 * @T00 Z /var/run/monit/monit.pid
```
Assuming that /var/run/monit/monit.pid is valid.


----------



## xy16644 (May 9, 2015)

gkontos said:


> You could do that from newsyslog.conf.
> 
> ```
> /var/log/monit/monit.log 644 7 * @T00 Z /var/run/monit/monit.pid
> ...



Thanks but I still don't seem to be having much luck with this!

I tried:


```
/var/log/monit/monit.log 644 7 * @T1238 Z /var/run/monit.pid
```

And the logfiles are still not rotating. Is there anything else I can try?


----------



## gkontos (May 9, 2015)

Hm, does /var/run/monit.pid exists?


----------



## xy16644 (May 9, 2015)

gkontos said:


> Hm, does /var/run/monit.pid exists?



Yip!


```
(/support)$ ls /var/run/monit.pid
-rw-r--r--  1 root  wheel  6B May  9 12:21 /var/run/monit.pid
```


----------



## gkontos (May 9, 2015)

Sorry, I can't think of anything else now


----------



## xy16644 (May 9, 2015)

Hehe, that makes two of us!


----------



## junovitch@ (May 10, 2015)

I thought I had something insightful because Nginx uses a different signal to reload log files.  However, after looking at it that doesn't appear to be the case here.  Either way, some education on what's going on:

newsyslog.conf(5)


> signal_number
> This optional field specifies the signal number that will be sent to the daemon process (or to all processes in a process group, if the U flag was specified).  If this field is not present, then a SIGHUP signal will be sent.



I checked if my Monit was reloaded with a different signal by doing `truss monit reload` and got this output toward the end:

```
Reinitializing monit daemon
write(1,"Reinitializing monit daemon\n",28)    = 28 (0x1c)
stat("/var/run/monit.pid",{ mode=-rw-r--r-- ,inode=24509,size=6,blksize=32768 }) = 0 (0x0)
stat("/var/run/monit.pid",{ mode=-rw-r--r-- ,inode=24509,size=6,blksize=32768 }) = 0 (0x0)
open("/var/run/monit.pid",O_RDONLY,0666)    = 3 (0x3)
fstat(3,{ mode=-rw-r--r-- ,inode=24509,size=6,blksize=32768 }) = 0 (0x0)
read(3,"62384\n",32768)                = 6 (0x6)
close(3)                    = 0 (0x0)
getpgid(62384)                    = 62312 (0xf368)
kill(62384,SIGHUP)                = 0 (0x0)
```

I see that Monit is just reloaded using the standard SIGHUP so there is no need to specify it in the newsyslog.conf.  So bottom line is what you are doing is correct.

Another helpful hint, you can keep things separated a bit cleaner on the newer releases that support the newsyslogd.conf.d construct with one like this in the case of Nginx.
/usr/local/etc/newsyslog.conf.d/nginx.conf 

```
/var/log/nginx/*.log 644 7 * @T00 JG /var/run/nginx.pid 30
```


----------



## xy16644 (May 10, 2015)

Thanks for the reply!

I think:

```
/var/log/monit/monit.log  644  7  *  @T00  -  /var/run/monit.pid
```

seems to be working but I would like to let it run for a few more days. The logfile turned over at midnight and current events are being written to monit.log rather than monit.log.x. I'll check it again tomorrow.

On a slightly different (but related note) I am having a similar issue with the milter-greylist and clamav-milter logs.

In /etc/newsyslog.conf I have:


```
/var/log/milter-greylist/greylist.log  postfix:postfix  644  7  *  @T00  - /var/run/milter-greylist.pid
/var/log/clamav/clamav-milter.log  clamav:clamav  644  7  *  @T00  -  /var/run/clamav/clamav-milter.pid 1
```

but this morning it was logging current events to greylist.log.0 or clamav-milter.log.0 but after restarting both daemons it started logging to greylist.log or clamav-milter.log:


```
-rw-r--r--  1 clamav  clamav  1.5K May 10 15:00 clamav-milter.log
-rw-r--r--  1 clamav  clamav  1.6M May 10 02:14 clamav-milter.log.0
```


```
-rw-r--r--  1 postfix  postfix  7.7K May 10 15:21 greylist.log
-rw-r--r--  1 postfix  postfix  9.0K May 10 09:19 greylist.log.0
```

What is wrong with my /etc/newsyslog.conf entries for these logs?


----------

