I'm unsure why catalina.out.1 is owned by syslog:adm and not tomcat:adm, because the config still has "create 640 tomcat adm". Maybe rsyslog won the race and created the file, and maybe we can drop this "create" line from the logrotate config for tomcat9.
So now I have:
- logs produced by the java process: tomcat:adm 0640
- logs rotated by logrotate: syslog:adm 0640
- log produced by rsyslog: syslog:adm 0640
-rw-r----- 1 tomcat adm 21K Jun 23 13:51 catalina.2022-06-23.log
-rw-r----- 1 syslog adm 0 Jun 23 13:52 catalina.out
-rw-r----- 1 syslog adm 7.7K Jun 23 13:52 catalina.out.1
-rw-r----- 1 syslog adm 20 Jun 23 13:43 catalina.out.2.gz
-rw-r----- 1 syslog adm 93 Jun 23 13:42 catalina.out.3.gz
-rw-r----- 1 tomcat adm 0 Jun 23 13:32 localhost.2022-06-23.log
-rw-r----- 1 tomcat adm 0 Jun 23 13:32 localhost_access_log.2022-06-23.txt
Let's reinstall tomcat9. And I get:
-rw-r----- 1 tomcat adm 27K Jun 23 14:03 catalina.2022-06-23.log
-rw-r----- 1 tomcat adm 0 Jun 23 13:52 catalina.out
-rw-r----- 1 tomcat adm 7.7K Jun 23 13:52 catalina.out.1
-rw-r----- 1 tomcat adm 20 Jun 23 13:43 catalina.out.2.gz
-rw-r----- 1 tomcat adm 93 Jun 23 13:42 catalina.out.3.gz
-rw-r----- 1 tomcat adm 0 Jun 23 13:32 localhost.2022-06-23.log
-rw-r----- 1 tomcat adm 0 Jun 23 13:32 localhost_access_log.2022-06-23.txt
That's because of tomcat9's postinst which does chown -Rh tomcat:adm /var/log/tomcat9.
And now rsyslog cannot write to catalina.out anymore:
Jun 23 14:06:03 k-tomcat9-logging rsyslogd: file '/var/log/tomcat9/catalina.out': open error: Permission denied [v8.2204.0 try https://www.rsyslog.com/e/2433 ]
And this time logrotate's "create" kicked in, because an empty catalina.out is created as tomcat:adm.
So we need to exclude /var/log/tomcat9/catalina.out from tomcat9's recursive chown in postinst.
Let's see.
From the start, that gives us catalina.out syslog:adm 0640, and all the other log files produced by the java process are tomcat:adm 0640.
If I run logrotate after that, I get:
truncated catalina.out syslog:adm 0640
rotated catalina.out.1 syslog:adm 0640
I'm unsure why catalina.out.1 is owned by syslog:adm and not tomcat:adm, because the config still has "create 640 tomcat adm". Maybe rsyslog won the race and created the file, and maybe we can drop this "create" line from the logrotate config for tomcat9.
So now I have:
- logs produced by the java process: tomcat:adm 0640
- logs rotated by logrotate: syslog:adm 0640
- log produced by rsyslog: syslog:adm 0640
-rw-r----- 1 tomcat adm 21K Jun 23 13:51 catalina. 2022-06- 23.log 2022-06- 23.log access_ log.2022- 06-23.txt
-rw-r----- 1 syslog adm 0 Jun 23 13:52 catalina.out
-rw-r----- 1 syslog adm 7.7K Jun 23 13:52 catalina.out.1
-rw-r----- 1 syslog adm 20 Jun 23 13:43 catalina.out.2.gz
-rw-r----- 1 syslog adm 93 Jun 23 13:42 catalina.out.3.gz
-rw-r----- 1 tomcat adm 0 Jun 23 13:32 localhost.
-rw-r----- 1 tomcat adm 0 Jun 23 13:32 localhost_
Let's reinstall tomcat9. And I get: 2022-06- 23.log 2022-06- 23.log access_ log.2022- 06-23.txt
-rw-r----- 1 tomcat adm 27K Jun 23 14:03 catalina.
-rw-r----- 1 tomcat adm 0 Jun 23 13:52 catalina.out
-rw-r----- 1 tomcat adm 7.7K Jun 23 13:52 catalina.out.1
-rw-r----- 1 tomcat adm 20 Jun 23 13:43 catalina.out.2.gz
-rw-r----- 1 tomcat adm 93 Jun 23 13:42 catalina.out.3.gz
-rw-r----- 1 tomcat adm 0 Jun 23 13:32 localhost.
-rw-r----- 1 tomcat adm 0 Jun 23 13:32 localhost_
That's because of tomcat9's postinst which does chown -Rh tomcat:adm /var/log/tomcat9.
And now rsyslog cannot write to catalina.out anymore: tomcat9/ catalina. out': open error: Permission denied [v8.2204.0 try https:/ /www.rsyslog. com/e/2433 ]
Jun 23 14:06:03 k-tomcat9-logging rsyslogd: file '/var/log/
And this time logrotate's "create" kicked in, because an empty catalina.out is created as tomcat:adm.
So we need to exclude /var/log/ tomcat9/ catalina. out from tomcat9's recursive chown in postinst.