ElasticSearch Logrotate Not Working

Home » CentOS » ElasticSearch Logrotate Not Working
CentOS 2 Comments

Hey guys,

I have this log rotation script setup in my /etc/logrotate.d folder

/var/log/elasticsearch/*.log {
daily
rotate 100
size 50M
copytruncate
compress
delaycompress
missingok
notifempty
create 644 elasticsearch elasticsearch
}

And I notice that log files are still being generated that are upwards of 7
or 8 GBs. Can anyone point out to me where the script is going wrong, and why log files for ES are growing so incredibly big? I would think that having that logrotate script in place should solve that problem.

Thanks, Tim

2 thoughts on - ElasticSearch Logrotate Not Working

  • Tim,

    First, logrotate only checks the state of the logfiles once a day, so if your log grows to 8GB in a day, it has no chance to do anything about it.

    Second, elasticsearch is using log4j to control its logs. It has its own naming and rotation rules and should not need to involve logrotate at all. See /etc/elasticsearch/logging.yml

    Third, if you generate that much logging in a day, maybe lowering the loglevel, or perhaps there is a problem that should be fixed.

    -Thomas