# Programs stop logging after log rotation



## atmosx (Jul 6, 2014)

Hello,

I'm running *FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789* on a VPS. When a program's log file is rotated (e.g. /var/log/mailog), I have to restart the program (i.e. _OpenSMTPd_) in order to receive logs which makes debugging impossible.

This is my /etc/newsyslog.conf:

`root@piseli:/var/log # cat /etc/newsyslog.conf`

```
# configuration file for newsyslog
# $FreeBSD: release/10.0.0/etc/newsyslog.conf 252481 2013-07-01 21:20:17Z asomers $
# [...]
# logfilename          [owner]    mode count size when  flags [/pid_file] [sig_num]
/var/log/all.log			600  7	   *	@T00  J
/var/log/amd.log			644  7	   100	*     J
/var/log/auth.log			600  7     100  @0101T JC
/var/log/console.log			600  5	   100	*     J
/var/log/cron				600  3	   100	*     JC
/var/log/daily.log			640  7	   *	@T00  JN
/var/log/debug.log			600  7     100  *     JC
/var/log/init.log			644  3	   100	*     J
/var/log/kerberos.log			600  7	   100	*     J
/var/log/lpd-errs			644  7	   100	*     JC
/var/log/maillog			640  7	   *	@T00  JC
/var/log/messages			644  5	   100	@0101T JC
/var/log/monthly.log			640  12	   *	$M1D0 JN
/var/log/pflog				600  3	   100	*     JB    /var/run/pflogd.pid
/var/log/ppp.log	root:network	640  3	   100	*     JC
/var/log/devd.log			644  3	   100	*     JC
/var/log/security			600  10	   100	*     JC
/var/log/sendmail.st			640  10	   *	168   BN
/var/log/utx.log			644  3	   *	@01T05 B
/var/log/weekly.log			640  5	   *	$W6D0 JN
/var/log/xferlog			600  7	   100	*     JC
/var/log/polipo		polipo:		640  3     100	*     J     /var/run/polipo/polipo.pid 30
/var/log/nginx.access.log 		600  7     700  *     JCN
/var/log/nginx.error.log 	        600  7     100  *     JCN
/var/log/local6.log 			600  7     *    @T00  JN
/var/log/openvpn.log                    600  7     700  *     JCN
/var/log/dovecot.log                    600  7     100  *     JCN
/var/log/dovecot-info.log               600  7     700  *     JCN
```

I added manually the openvpn and dovecot entries. Maybe this is causing the problem, I am not sure. Anyone experienced the same issue or have any idea on how to tackle this?

ps. A solution for me would be switch to metalog. I like metalog better anyway but I would like to understand what is causing this behaviour.


----------



## junovitch@ (Jul 7, 2014)

Notice the last two columns for the PID to look at and the signal to send.  You'll probably need to add those applications to tell them they need to reopen log files after the logs get rotated.

Example for NGINX where the man page describes the signal that is needed to have it reopen log files.

```
/var/log/nginx/*.log			644  7	   *    @T00  JG    /var/run/nginx.pid  30
```


----------



## SirDice (Jul 7, 2014)

Yes, applications need to release and re-open their file descriptors after the log file has been removed or renamed. Otherwise the application will still try to write to the, now removed, file.


----------

