Logrotate Configuration Guide for Docker Services

This guide provides logrotate configurations for all services identified in the docker-compose and configuration files. Place these configurations in separate files within /etc/logrotate.d/ for proper management.

1. Traefik Logs

File: /etc/logrotate.d/traefik

/root/config/traefik/logs/*.log {
    daily
    rotate 4
    missingok
    notifempty
    compress
    dateext
    dateformat -%Y-%m-%d
    create 0644 root root
    postrotate
        docker kill --signal=USR1 $(docker ps -q -f name=traefik)
    endscript
}

2. CrowdSec Logs

File: /etc/logrotate.d/crowdsec

/root/config/crowdsec_logs/*.log {
    daily
    rotate 7
    missingok
    notifempty
    compress
    dateext
    dateformat -%Y-%m-%d
    create 0644 root root
    postrotate
        docker kill --signal=USR1 $(docker ps -q -f name=crowdsec)
    endscript
}

# Specific rotation for auth.log
/root/config/crowdsec_logs/auth.log {
    daily
    rotate 7
    missingok
    notifempty
    compress
    dateext
    dateformat -%Y-%m-%d
    create 0644 root root
    postrotate
        docker kill --signal=USR1 $(docker ps -q -f name=crowdsec)
    endscript
}

# Specific rotation for syslog
/root/config/crowdsec_logs/syslog {
    daily
    rotate 7
    missingok
    notifempty
    compress
    dateext
    dateformat -%Y-%m-%d
    create 0644 root root
    postrotate
        docker kill --signal=USR1 $(docker ps -q -f name=crowdsec)
    endscript
}

3. Pangolin Application Logs

File: /etc/logrotate.d/pangolin

/root/config/pangolin/logs/*.log {
    daily
    rotate 5
    missingok
    notifempty
    compress
    dateext
    dateformat -%Y-%m-%d
    create 0644 root root
    postrotate
        docker kill --signal=USR1 $(docker ps -q -f name=pangolin)
    endscript
}

Implementation Instructions

1. Create Configuration Files:

sudo touch /etc/logrotate.d/{traefik,crowdsec,pangolin}

2. Set Proper Permissions:

sudo chmod 644 /etc/logrotate.d/{traefik,crowdsec,pangolin}

3. Test Configurations:

sudo logrotate -d /etc/logrotate.d/traefik
sudo logrotate -d /etc/logrotate.d/crowdsec
sudo logrotate -d /etc/logrotate.d/pangolin

Configuration Details Explained

Common Parameters

• daily: Rotate logs every day
• rotate N: Keep N rotated logs before deleting
• missingok: Don’t error if log file is missing
• notifempty: Don’t rotate empty log files
• compress: Compress rotated logs using gzip
• dateext: Add date extension to rotated logs
• dateformat: Format for the date extension
• create: Create new log files with specified permissions

Service-Specific Settings

1. Traefik:

   • Rotation: 4 days (moderate retention for web traffic)
   • Path matches docker volume mount
   • Uses USR1 signal for graceful log rotation

2. CrowdSec:

   • Rotation: 7 days (longer retention for security logs)
   • Separate configurations for auth.log and syslog
   • Includes all logs in crowdsec_logs directory

3. Pangolin:

   • Rotation: 5 days (balanced retention)
   • Handles application-specific logs
   • Uses same signal-based rotation mechanism

Monitoring and Maintenance

1. Regular Checks:

# Check logrotate status
cat /var/lib/logrotate/status

# Test configurations
logrotate -d /etc/logrotate.d/*

# Force rotation (if needed)
logrotate -f /etc/logrotate.d/*

2. Log File Ownership:

# Ensure proper ownership
sudo chown root:root /etc/logrotate.d/*
sudo chmod 644 /etc/logrotate.d/*

Troubleshooting

1. If logs aren’t rotating:

   • Check file permissions
   • Verify paths exist
   • Review logrotate status file
   • Test configuration with debug flag (-d)

2. If services aren’t reopening log files:

   • Verify docker container names
   • Check if services handle USR1 signal
   • Review service logs for rotation-related errors

Remember to adjust rotation periods and other parameters based on:

• Available disk space
• Compliance requirements
• Log analysis needs
• Backup schedules