Introduction
This document describes how to initialize or force a rotation of a single specific docker image log file on the Secure Network Analytics Manager.
Prerequisites
Requirements
Cisco recommends that you have knowledge of this topic:
- Root user access to the Secure Network Analytics Manager
Components Used
The information in this document is based on Secure Network Analytics Manger v7.3.2 or newer.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Configure
Navigate to the /etc/logrotate.d/ directory with the cd /etc/logrotate.d/ command.
Copy the current swos-docker-config file to a new file that is easy to identify. For example, if you wish to rotate the /lancope/var/logs/containers/svc-ise-client.log file, name the file svc-ise-config with the cp swos-docker-config svc-ise-config command.
Edit the new svc-ise-config file with the vi svc-ise-config command.
732smc:~# cd /etc/logrotate.d/
732smc:/etc/logrotate.d# cp swos-docker-config svc-ise-config
732smc:/etc/logrotate.d# vi svc-ise-config
Edit the file so the contents match this output:
/lancope/var/logs/containers/svc-ise-client.log {
copytruncate
compress
rotate 10
missingok
notifempty
size +5000k
su root lclog
}
Verify
Force the file to with the logrotate -f svc-ise-config command.
732smc:/etc/logrotate.d# ll /lancope/var/logs/containers/svc-ise-client.log*
-rw-r--r-- 1 root adm 85446 Nov 3 16:08 /lancope/var/logs/containers/svc-ise-client.log
732smc:/etc/logrotate.d# logrotate -f svc-ise-config
732smc:/etc/logrotate.d# ll /lancope/var/logs/containers/svc-ise-client.log*
-rw-r--r-- 1 root adm 0 Nov 3 16:19 /lancope/var/logs/containers/svc-ise-client.log
-rw-r--r-- 1 root adm 85446 Nov 3 16:19 /lancope/var/logs/containers/svc-ise-client.log.1.gz
732smc:/etc/logrotate.d#
Troubleshoot
You can issue the logrotate -vf svc-ise-config command to receive a more verbose output.
Alternatively you can use the logrotate -dvf svc-ise-config command to receive debug/dry-run output that does not rotate the file or perform any actions.
732smc:/etc/logrotate.d# logrotate -vf svc-ise-config
reading config file svc-ise-config
Reading state from file: /var/lib/logrotate/status
Allocating hash table for state file, size 64 entries
Creating new state
<line repeats many times - removed for brevity>
Creating new state
Handling 1 logs
rotating pattern: /lancope/var/logs/containers/svc-ise-client.log forced from command line (10 rotations)
empty log files are not rotated, old logs are removed <--- This can be a cause of a file not to rotate
switching euid to 0 and egid to 998
considering log /lancope/var/logs/containers/svc-ise-client.log
Now: 2022-11-03 16:19
Last rotated at 2022-11-03 16:17
log does not need rotating (log is empty) <--- The utlimate decision made by logrotate will print here
switching euid to 0 and egid to 0
Related Information
Feedback