Fix Broken Logrotate on Debian Systems Without rsyslog

The Problem

On Debian 12 (bookworm) systems running systemd/journald without rsyslog, stale logrotate configs that reference the syslog user or rsyslog-specific directives will cause ALL log rotation to fail, not just the broken config.

Logrotate treats any error as fatal for the entire run. One bad config file in /etc/logrotate.d/ can silently prevent rotation of every log on the system, leading to disk-filling log growth.

Symptoms

• Logs growing unbounded (e.g., Asterisk full log reaching 8+ GB)
• logrotate --debug /etc/logrotate.conf shows errors about missing users
• /var/lib/logrotate/status shows stale timestamps

Diagnosis

# Test logrotate to find the offending config
sudo logrotate --debug /etc/logrotate.conf 2>&1 | grep -i error

# Check for configs referencing rsyslog-specific settings
grep -r 'syslog' /etc/logrotate.d/

# Check if rsyslog is even installed
dpkg -l rsyslog 2>/dev/null || echo "rsyslog not installed"

In our case, /etc/logrotate.d/rsyslog-custom was left behind by Ansible and contained:

/var/log/syslog
/var/log/mail.log
{
    rotate 7
    daily
    ...
    su root syslog
    ...
}

The su root syslog directive failed because the syslog user does not exist on systems without rsyslog.

Fix

# Remove the offending config
sudo rm /etc/logrotate.d/rsyslog-custom

# Force rotation to catch up on everything that was blocked
sudo logrotate --force /etc/logrotate.conf

# Verify it works cleanly now
sudo logrotate --debug /etc/logrotate.conf 2>&1 | tail -5

Prevention

When decommissioning rsyslog in favor of journald:

1. Remove /etc/logrotate.d/rsyslog* configs
2. Verify no other configs in /etc/logrotate.d/ reference the syslog user
3. Run logrotate --debug to confirm clean operation

Key Takeaway

Logrotate is all-or-nothing per run. A single broken config in /etc/logrotate.d/ silently breaks rotation for every service on the system. After any system changes (removing packages, changing init systems), always verify logrotate still works.