problem hub
Read-only firstLogrotate not running
Debug logrotate config and timer state before forcing rotation or truncating logs.
Safest first command
logrotate -d /etc/logrotate.conf
Before you run this
Expected output: Debug output showing which configs and log files logrotate would inspect and whether rotation is needed.
When not to use it: Do not force rotation or truncate logs until you know why rotation was skipped and whether the service needs a reopen signal.
Expected output example
reading config file /etc/logrotate.conf
considering log /var/log/app.log
log does not need rotating
How to read the result
Debug mode does not rotate. It explains decision logic, missing files, permission problems, and whether a log is too new or below size thresholds.
What to check next
Debug says log does not need rotating
Means: Policy thresholds may not be met.
Next step: Check size, age, and config stanza.
Timer inactive or failed
Means: Scheduled rotation may not be running.
Next step: Check timer state and recent logs.
Journal shows permission or script errors
Means: A postrotate script or ownership problem may block rotation.
Next step: Read recent logrotate service logs.
Logrotate decision tree
Use debug mode first, then timer status and journal logs. Only force rotation after confirming policy and service reopen behavior.
logrotate -d /etc/logrotate.confsystemctl status logrotate.timer --no-pagerjournalctl -u logrotate --since '7 days ago' --no-pager
Bad fixes to avoid
Do not truncate active logs blindly. Do not force rotation before reading debug output. Do not delete logs when the actual failure is a postrotate script.
Common causes
- Timer disabled
- Config threshold not met
- Permission denied
- Postrotate script failed
- Wrong log path
What not to change yet
- Do not truncate active logs first.
- Do not force rotation before debug review.
- Do not ignore the app reopen signal.
Stop and escalate if
- The next step could interrupt users, remove data, or lock out access.
- The output includes secrets, customer data, or private infrastructure details.
- You cannot explain the blast radius of the repair command.
supporting commands
Command path
Guides and drills
- Journal logs too large hub Use when systemd journal, not logrotate, owns the space.