Tracking Center shows logs from a year ago

[smilebasti]

Hi, i just updated minor updates via the GUI (already before on v7.2.3).

Then i checked my tracking center which mail went through. I saw a mail in the future... I checked if i can go further into the future and i can
The Mails seem to be from last january:


cmd: date shows the correct time.

Any ideas how to solve that. Thanks

 

[Stoiko Ivanov]

How long do you keep your logs?
(i.e. what's the logrotate config for your /var/log/syslog files?)

 

[smilebasti]

Thanks for the fast response.
If there isn't a default setting or an option to change this in the Gui, i haven't setup anything.

 

[Stoiko Ivanov]

That's odd - since the logs are usually only kept for 4 weeks by default (if installed with 7.0, before it was 30 days)

could you please post:
* `cat /etc/logrotate.conf`
* `cat /etc/logrotate.d/*`
* `cat /etc/rsyslog.conf`
* `ls /var/log/syslog*`
* `head /var/log/syslog`
* `tail /var/log/syslog`

(all in code tags)

 

[smilebasti]

I think i installed it when it came to the Proxmox image repository in PVE images as lxc container.

cat /etc/logrotate.conf

# see "man logrotate" for details

# global options do not affect preceding include directives

# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
#dateext

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# system-specific logs may also be configured here.

cat /etc/logrotate.d/*

/var/log/alternatives.log {
        monthly
        rotate 12
        compress
        delaycompress
        missingok
        notifempty
        create 644 root root
}
/var/log/apt/term.log {
  rotate 12
  monthly
  compress
  missingok
  notifempty
}

/var/log/apt/history.log {
  rotate 12
  monthly
  compress
  missingok
  notifempty
}

# no packages own btmp -- we'll rotate it here
/var/log/btmp {
    missingok
    monthly
    create 0660 root utmp
    rotate 1
}
/var/log/clamav/clamav.log {
     rotate 12
     weekly
     compress
     delaycompress
     create 640  clamav adm
     postrotate
     if [ -d /run/systemd/system ]; then
         systemctl -q is-active clamav-daemon && systemctl kill --signal=SIGHUP clamav-daemon || true
     else
         invoke-rc.d clamav-daemon reload-log > /dev/null || true
     fi
     endscript
     }
/var/log/clamav/freshclam.log {
     rotate 12
     weekly
     compress
     delaycompress
     missingok
     create 640  clamav adm
     postrotate
     if [ -d /run/systemd/system ]; then
         systemctl -q is-active clamav-freshclam && systemctl kill --signal=SIGHUP clamav-freshclam || true
     else
         invoke-rc.d clamav-freshclam reload-log > /dev/null || true
     fi
     endscript
     }
/var/log/dpkg.log {
        monthly
        rotate 12
        compress
        delaycompress
        missingok
        notifempty
        create 644 root root
}
/var/log/pmgproxy/pmgproxy.log {
        rotate 12
        monthly
        missingok
        compress
        delaycompress
        notifempty
        create 640 www-data www-data
        sharedscripts
        postrotate
                /bin/systemctl try-reload-or-restart pmgproxy.service
        endscript
}
/var/log/postgresql/*.log {
       weekly
       rotate 10
       copytruncate
       delaycompress
       compress
       notifempty
       missingok
       su root root
}
/var/log/razor-agent.log {
        weekly
        rotate 3
        compress
        nomail
        notifempty
        missingok
}
/var/log/syslog
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
        rotate 4
        weekly
        missingok
        notifempty
        compress
        delaycompress
        sharedscripts
        postrotate
                /usr/lib/rsyslog/rsyslog-rotate
        endscript
}
# no packages own wtmp -- we'll rotate it here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}

cat /etc/rsyslog.conf

# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html


#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
module(load="imklog")   # provides kernel logging support
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")


###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf


###############
#### RULES ####
###############

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
#cron.*                         /var/log/cron.log
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err

#
# Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        mail.none               -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail.none               -/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg                         :omusrmsg:*

ls /var/log/syslog*

/var/log/syslog    /var/log/syslog.2.gz  /var/log/syslog.4.gz  /var/log/syslog.6.gz
/var/log/syslog.1  /var/log/syslog.3.gz  /var/log/syslog.5.gz  /var/log/syslog.7.gz

head /var/log/syslog

Jan 10 00:00:06 Mail-Gaytway rsyslogd:  [origin software="rsyslogd" swVersion="8.1901.0" x-pid="77" x-info="https://www.rsyslog.com"] rsyslogd was HUPed
Jan 10 00:00:06 Mail-Gaytway systemd[1]: logrotate.service: Succeeded.
Jan 10 00:00:06 Mail-Gaytway systemd[1]: Started Rotate log files.
Jan 10 00:00:06 Mail-Gaytway systemd[1]: logrotate.service: Consumed 399ms CPU time.
Jan 10 00:00:08 Mail-Gaytway systemd[1]: Reloading Proxmox Mail Gateway Policy Daemon.
Jan 10 00:00:08 Mail-Gaytway pmgpolicy[434]: Received a SIG HUP
Jan 10 00:00:08 Mail-Gaytway systemd[1]: Reloaded Proxmox Mail Gateway Policy Daemon.
Jan 10 00:00:08 Mail-Gaytway pmgpolicy[434]: 2022/01/10-00:00:08 Server closing!
Jan 10 00:00:08 Mail-Gaytway pmgpolicy[434]: 2022/01/10-00:00:08 Re-exec server during HUP
Jan 10 00:00:08 Mail-Gaytway postfix/postscreen[539207]: CONNECT from [37.48.96.90]:44434 to [192.168.1.64]:25

tail /var/log/syslog

Jan  3 13:59:19 Mail-Gaytway postfix/postscreen[87607]: PASS OLD [172.105.168.58]:41326
Jan  3 13:59:19 Mail-Gaytway postfix/smtpd[89183]: connect from wk8-3.hetrixtools.com[172.105.168.58]
Jan  3 13:59:19 Mail-Gaytway postfix/smtpd[89183]: lost connection after CONNECT from wk8-3.hetrixtools.com[172.105.168.58]
Jan  3 13:59:19 Mail-Gaytway postfix/smtpd[89183]: disconnect from wk8-3.hetrixtools.com[172.105.168.58] commands=0/0
Jan  3 13:59:20 Mail-Gaytway postfix/postscreen[87607]: CONNECT from [172.105.168.58]:42246 to [192.168.1.64]:25
Jan  3 13:59:20 Mail-Gaytway postfix/postscreen[87607]: PASS OLD [172.105.168.58]:42246
Jan  3 13:59:20 Mail-Gaytway postfix/smtpd[89047]: connect from wk8-3.hetrixtools.com[172.105.168.58]
Jan  3 13:59:20 Mail-Gaytway postfix/smtpd[89047]: disconnect from wk8-3.hetrixtools.com[172.105.168.58] ehlo=1 quit=1 commands=2
Jan  3 13:59:25 Mail-Gaytway pmgmirror[87362]: starting cluster synchronization
Jan  3 13:59:25 Mail-Gaytway pmgmirror[87362]: cluster synchronization finished  (0 errors, 0.04 seconds (files 0.00, database 0.04, config 0.00))

 

[Stoiko Ivanov]

Thanks - that still does not explain it:
*`head /var/log/syslog` (the top of the log-file where the earliest logs are) shows Jan 10. - which is after the tail (the bottom of the logs Jan 03

could you also paste:
* `ls -latr /var/log/syslog*` (should show the dates of the files and sort them accordingly

else my guess is:
* logrotation is not working and your single /var/log/syslog contains the complete logs from almost one year
* the machine hat a wrong time when booting and the time was set to the correct (earlier time)

* for the first part `systemctl status logrotate.service` , `systemctl status logrotate.timer` and `journalctl -u logrotate` should give a hint at what's going on
* for the second part - look through `journalctl -b` for message regarding time being set (some ntp-servers like ntp, chrony etc. can do this)

I hope this helps!

 

[smilebasti]

I can't go back any further then the 3. Jan but as it seems it's exactly one year of logs.

ls -latr /var/log/syslog*

-rw-r--r-- 1 root root     413492 Jan  4  2022 /var/log/syslog.7.gz
-rw-r--r-- 1 root root     422403 Jan  5  2022 /var/log/syslog.6.gz
-rw-r--r-- 1 root root     412147 Jan  6  2022 /var/log/syslog.5.gz
-rw-r--r-- 1 root root     411924 Jan  7  2022 /var/log/syslog.4.gz
-rw-r--r-- 1 root root     411745 Jan  8  2022 /var/log/syslog.3.gz
-rw-r--r-- 1 root root     411259 Jan  9  2022 /var/log/syslog.2.gz
-rw-r--r-- 1 root root    6301268 Jan 10  2022 /var/log/syslog.1
-rw-r--r-- 1 root root 2814572365 Jan  3 14:33 /var/log/syslog

systemctl status logrotate.service

 logrotate.service - Rotate log files
     Loaded: loaded (/lib/systemd/system/logrotate.service; static)
     Active: failed (Result: exit-code) since Tue 2023-01-03 00:00:55 CET; 14h ago
TriggeredBy: ● logrotate.timer
       Docs: man:logrotate(8)
             man:logrotate.conf(5)
   Main PID: 79361 (code=exited, status=226/NAMESPACE)
        CPU: 32ms

Jan 03 00:00:55 Mail-Gaytway systemd[1]: Starting Rotate log files...
Jan 03 00:00:55 Mail-Gaytway systemd[79361]: logrotate.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permission denied
Jan 03 00:00:55 Mail-Gaytway systemd[79361]: logrotate.service: Failed at step NAMESPACE spawning /usr/sbin/logrotate: Permission denied
Jan 03 00:00:55 Mail-Gaytway systemd[1]: logrotate.service: Main process exited, code=exited, status=226/NAMESPACE
Jan 03 00:00:55 Mail-Gaytway systemd[1]: logrotate.service: Failed with result 'exit-code'.
Jan 03 00:00:55 Mail-Gaytway systemd[1]: Failed to start Rotate log files.

systemctl status logrotate.timer is active waiting

journalctl -u logrotate since October daily:

Jan 02 00:00:56 Mail-Gaytway systemd[1]: Starting Rotate log files...
Jan 02 00:00:56 Mail-Gaytway systemd[67065]: logrotate.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permission denied
Jan 02 00:00:56 Mail-Gaytway systemd[67065]: logrotate.service: Failed at step NAMESPACE spawning /usr/sbin/logrotate: Permission denied
Jan 02 00:00:56 Mail-Gaytway systemd[1]: logrotate.service: Main process exited, code=exited, status=226/NAMESPACE
Jan 02 00:00:56 Mail-Gaytway systemd[1]: logrotate.service: Failed with result 'exit-code'.
Jan 02 00:00:56 Mail-Gaytway systemd[1]: Failed to start Rotate log files.
Jan 03 00:00:55 Mail-Gaytway systemd[1]: Starting Rotate log files...
Jan 03 00:00:55 Mail-Gaytway systemd[79361]: logrotate.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permission denied
Jan 03 00:00:55 Mail-Gaytway systemd[79361]: logrotate.service: Failed at step NAMESPACE spawning /usr/sbin/logrotate: Permission denied
Jan 03 00:00:55 Mail-Gaytway systemd[1]: logrotate.service: Main process exited, code=exited, status=226/NAMESPACE
Jan 03 00:00:55 Mail-Gaytway systemd[1]: logrotate.service: Failed with result 'exit-code'.
Jan 03 00:00:55 Mail-Gaytway systemd[1]: Failed to start Rotate log files.
lines 375-410/410 (END)

As it seems to be a permission error i haven't had a look at time being set. Let me know if i should do it.

 

[Stoiko Ivanov]

Hmm - this looks like your PMG is running as a LXC container?
if so - please share the config of the container
(if it's a PVE system `pct config <VMID>` (replace '<VMID>' with the id of the pmg container))

 

[smilebasti]

Yes it is.

arch: amd64
cores: 2
hostname: Mail-Gaytway
memory: 4096
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.1.1,hwaddr=D6:2D:05:21:F8:5E,ip=192.168.1.64/24,ip6=dhcp,type=veth
onboot: 1
ostype: debian
rootfs: data5:vm-202-disk-0,size=40G
swap: 4096
unprivileged: 1

 

[Stoiko Ivanov]

Ok - guessed so - for systemd to run smoothly with newer linux-distributions you need to enable nesting for that container (which is fine as long as the container is unprivileged)

Afterwards logrotation should work again and the issue will eventually resolve itself (the old logs will be rotated away and thus removed from the system)

 

[smilebasti]

Ok thank you
Probably would have been great to be mentioned in the upgrade docs.

Will reply here if this persists

 

[Stoiko Ivanov]

Probably would have been great to be mentioned in the upgrade docs.

that was added in May 2022 - so maybe after you did your upgrade (after the first reports of the issue we received):
https://pmg.proxmox.com/wiki/index...._7.0#Installations_as_Container_on_Proxmox_VE