Hello,
We have specific active Elasticsearch clusters whose log rotation crashes frequently.
We have more than 100 Elasticsearch clusters and just some specific ones keep crashing their log rotation.
After investigation, I have come to conclude that it has something to do with the small amount of logging to those clusters. Some days there are no logs to those clusters.
I have two suspects:
- Either the log4j.properties minimum size, which I could not locate (as a file) anywhere in the installation. Thus I wonder whether it is overridden by something or has some kind of defaults if not present.
- The conversion pattern of the logs, which looks something like this:

      file:
        type: extrasRollingFile
        file: ${path.logs}/${cluster.name}.log
        rollingPolicy: timeBased
        rollingPolicy.FileNamePattern: ${path.logs}/${cluster.name}.log.%d{yyyy-MM-dd}.gz
        layout:
          type: pattern
          conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

That is because some days there are no logs, so maybe if it goes through a day on which it cannot rotate, it remains crashed for the rest of the days as well and needs a service restart.
So do you believe it is the small size of the logs to blame, or the absence of logs that blocks log rotation?
log4j or logging.yml?
Thanks!