Focal verification

Reproducing the problems:

root@f-tomcat9-logging:~# apt-cache policy tomcat9
tomcat9:
  Installed: 9.0.31-1ubuntu0.2
  Candidate: 9.0.31-1ubuntu0.2
  Version table:
 *** 9.0.31-1ubuntu0.2 500
        500 http://br.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages

a) rsyslog is complaining that it can't change the ownership of catalina.out:
In the case of focal, it's even worse, as catalina.out cannot even be created because the parent directory doesn't allow the adm group write access:

root@f-tomcat9-logging:~# ls -la /var/log/tomcat9/catalina.out
ls: cannot access '/var/log/tomcat9/catalina.out': No such file or directory
root@f-tomcat9-logging:~# grep -E 'catalina\.out' /var/log/syslog
Jul 27 14:04:30 f-tomcat9-logging rsyslogd: file '/var/log/tomcat9/catalina.out': open error: Permission denied [v8.2001.0 try https://www.rsyslog.com/e/2433 ]

b) logrotate fails:
Again, focal is different, since the log file doesn't exist, logrotate won't fail yet out of the box:

root@f-tomcat9-logging:~# logrotate -f /etc/logrotate.conf
root@f-tomcat9-logging:~# ls -la /var/log/tomcat9/
total 8
drwxr-s--- 1 tomcat adm 164 Jul 27 14:04 .
drwxrwxr-x 1 root syslog 430 Jul 27 14:07 ..
-rw-r----- 1 tomcat adm 5668 Jul 27 14:04 catalina.2022-07-27.log
-rw-r----- 1 tomcat adm 0 Jul 27 14:04 localhost.2022-07-27.log
-rw-r----- 1 tomcat adm 0 Jul 27 14:04 localhost_access_log.2022-07-27.txt

c) if the package is reinstalled, or an update without this fix becomes available and is applied, the catalina.out file will have incorrect ownership and rsyslog won't be able to write to it anymore:
Since catalina.out doesn't exist, reinstalling the package doesn't break it:

root@f-tomcat9-logging:~# ls -la /var/log/tomcat9/
total 8
drwxr-s--- 1 tomcat adm 164 Jul 27 14:04 .
drwxrwxr-x 1 root syslog 430 Jul 27 14:07 ..
-rw-r----- 1 tomcat adm 5668 Jul 27 14:04 catalina.2022-07-27.log
-rw-r----- 1 tomcat adm 0 Jul 27 14:04 localhost.2022-07-27.log
-rw-r----- 1 tomcat adm 0 Jul 27 14:04 localhost_access_log.2022-07-27.txt
root@f-tomcat9-logging:~# apt install --reinstall tomcat9
(...)
Unpacking tomcat9 (9.0.31-1ubuntu0.2) over (9.0.31-1ubuntu0.2) ...
Setting up tomcat9 (9.0.31-1ubuntu0.2) ...
Processing triggers for rsyslog (8.2001.0-1ubuntu1.3) ...
root@f-tomcat9-logging:~# ls -la /var/log/tomcat9/
total 12
drwxr-s--- 1 tomcat adm 164 Jul 27 14:04 .
drwxrwxr-x 1 root syslog 430 Jul 27 14:07 ..
-rw-r----- 1 tomcat adm 11836 Jul 27 14:08 catalina.2022-07-27.log
-rw-r----- 1 tomcat adm 0 Jul 27 14:04 localhost.2022-07-27.log
-rw-r----- 1 tomcat adm 0 Jul 27 14:04 localhost_access_log.2022-07-27.txt

So for focal, the main problem is (a), and (b) and (c) don't get a chance to appear because of that. But once (a) is fixed, (b) and (c) will happen, and need to be fixed as well.

Installing the fixed version from proposed:

root@f-tomcat9-logging:~# apt-cache policy tomcat9
tomcat9:
  Installed: 9.0.31-1ubuntu0.3
  Candidate: 9.0.31-1ubuntu0.3
  Version table:
 *** 9.0.31-1ubuntu0.3 500
        500 http://br.archive.ubuntu.com/ubuntu focal-proposed/universe amd64 Packages

0) Right after installing the fixed package from proposed, catalina.out shows up with content, and correct permissions and ownership, and /var/log/tomcat9 is 2770 (instead of 2775) as expected:

root@f-tomcat9-logging:~# l /var/log/tomcat9/
total 24K
drwxrws--- 1 tomcat adm 188 Jul 27 14:11 .
drwxrwxr-x 1 root syslog 482 Jul 27 14:11 ..
-rw-r----- 1 tomcat adm 18K Jul 27 14:11 catalina.2022-07-27.log
-rw-r----- 1 syslog adm 3.8K Jul 27 14:11 catalina.out
-rw-r----- 1 tomcat adm 0 Jul 27 14:04 localhost.2022-07-27.log
-rw-r----- 1 tomcat adm 0 Jul 27 14:04 localhost_access_log.2022-07-27.txt

a) rsyslog won't complain anymore about failing to open or chown the file:

root@f-tomcat9-logging:~# systemctl stop rsyslog.service syslog.socket
root@f-tomcat9-logging:~# > /var/log/syslog
root@f-tomcat9-logging:~# systemctl start rsyslog.service syslog.socket
root@f-tomcat9-logging:~# systemctl restart tomcat9 # just to trigger writing to catalina.out
root@f-tomcat9-logging:~# grep rsyslogd /var/log/syslog
Jul 27 14:13:32 f-tomcat9-logging rsyslogd: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2001.0]
Jul 27 14:13:32 f-tomcat9-logging rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Permission denied.
Jul 27 14:13:32 f-tomcat9-logging rsyslogd: activation of module imklog failed [v8.2001.0 try https://www.rsyslog.com/e/2145 ]
Jul 27 14:13:32 f-tomcat9-logging rsyslogd: rsyslogd's groupid changed to 110
Jul 27 14:13:32 f-tomcat9-logging rsyslogd: rsyslogd's userid changed to 104
Jul 27 14:13:32 f-tomcat9-logging rsyslogd: [origin software="rsyslogd" swVersion="8.2001.0" x-pid="6986" x-info="https://www.rsyslog.com"] start

b) since now we have a catalina.out file, logrotate works on it, and there are no errors, and the correct permissions and ownership are preserved:

root@f-tomcat9-logging:~# l /var/log/tomcat9/
total 24K
drwxrws--- 1 tomcat adm 188 Jul 27 14:11 .
drwxrwxr-x 1 root syslog 482 Jul 27 14:11 ..
-rw-r----- 1 tomcat adm 18K Jul 27 14:11 catalina.2022-07-27.log
-rw-r----- 1 syslog adm 3.8K Jul 27 14:11 catalina.out
-rw-r----- 1 tomcat adm 0 Jul 27 14:04 localhost.2022-07-27.log
-rw-r----- 1 tomcat adm 0 Jul 27 14:04 localhost_access_log.2022-07-27.txt
root@f-tomcat9-logging:~# logrotate -f /etc/logrotate.conf
root@f-tomcat9-logging:~# ls -la /var/log/tomcat9/
total 32
drwxrws--- 1 tomcat adm 216 Jul 27 14:14 .
drwxrwxr-x 1 root syslog 586 Jul 27 14:14 ..
-rw-r----- 1 tomcat adm 24174 Jul 27 14:13 catalina.2022-07-27.log
-rw-r----- 1 syslog adm 0 Jul 27 14:14 catalina.out
-rw-r----- 1 syslog adm 7756 Jul 27 14:14 catalina.out.1
-rw-r----- 1 tomcat adm 0 Jul 27 14:04 localhost.2022-07-27.log
-rw-r----- 1 tomcat adm 0 Jul 27 14:04 localhost_access_log.2022-07-27.txt

c) reinstalling the package doesn't break catalina.out logging again (note: catalina.out is 0 sized because this was run right after the logrotate from above)

root@f-tomcat9-logging:~# ls -la /var/log/tomcat9/catalina.out
-rw-r----- 1 syslog adm 0 Jul 27 14:14 /var/log/tomcat9/catalina.out
root@f-tomcat9-logging:~# apt install tomcat9 -y --reinstall
(...)
Preparing to unpack .../tomcat9_9.0.31-1ubuntu0.3_all.deb ...
Unpacking tomcat9 (9.0.31-1ubuntu0.3) over (9.0.31-1ubuntu0.3) ...
Setting up tomcat9 (9.0.31-1ubuntu0.3) ...
Processing triggers for rsyslog (8.2001.0-1ubuntu1.3) ...
root@f-tomcat9-logging:~# ls -la /var/log/tomcat9/catalina.out
-rw-r----- 1 syslog adm 3877 Jul 27 14:16 /var/log/tomcat9/catalina.out

Focal verification succeeded.
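
A repeatable check for the post-fix state verified above, as an added example that is not part of the original comment or of the tomcat9 package: it compares the log directory and catalina.out against the mode and ownership shown in the fixed listings (drwxrws--- tomcat:adm, -rw-r----- syslog:adm). The function name check_tomcat_logs and its arguments are this example's own, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit the tomcat9 log directory against the state shown in
# the fixed listings above. Expected values come from those listings; the
# function name and argument order are hypothetical. Run as root on a real
# host, since /var/log/tomcat9 is not world-readable.
#
# usage: check_tomcat_logs [DIR] [DIR_OWNER] [FILE_OWNER] [GROUP]
check_tomcat_logs() {
    dir=${1:-/var/log/tomcat9}
    dir_owner=${2:-tomcat}
    file_owner=${3:-syslog}
    group=${4:-adm}
    rc=0

    # The directory must be setgid and group-writable (drwxrws--- = 2770);
    # without group write access catalina.out cannot be created in it.
    got=$(stat -c '%a %U %G' "$dir" 2>/dev/null) || {
        echo "FAIL: cannot stat $dir"
        return 2
    }
    want="2770 $dir_owner $group"
    if [ "$got" != "$want" ]; then
        echo "FAIL: $dir is '$got', expected '$want'"
        rc=1
    fi

    # catalina.out must exist, be owned by the rsyslog user, and be 0640.
    f=$dir/catalina.out
    if [ ! -f "$f" ]; then
        echo "FAIL: $f does not exist"
        rc=1
    else
        got=$(stat -c '%a %U %G' "$f")
        want="640 $file_owner $group"
        if [ "$got" != "$want" ]; then
            echo "FAIL: $f is '$got', expected '$want'"
            rc=1
        fi
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir matches the expected layout"
    fi
    return "$rc"
}
```

Running it after `logrotate -f` and again after `apt install --reinstall tomcat9` covers steps (b) and (c) of the verification.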