The ProtectSystem=full option prevents logrotate from rotating logs stored under /etc and /usr folders.
As a workaround, add the following option to your logrotate service file (/lib/systemd/system/logrotate.service) to explicitly allow JetBackup logs under the /usr/local/jetapps folder to get rotated.ReadWritePaths=/usr/local/jetapps
To apply the changes, restart the system daemon.systemctl daemon-reload
Logrotate issues with SELinux Enabled
If you review the output of journalctl -u logrotate and see errors like the following, it may indicate that SELinux is preventing logrotate from rotating JetBackup logs:
Aug 21 00:00:01 server.com logrotate[1934830]: error: error creating output file /usr/local/jetapps/var/log/jetbackup5/jetbackupapi.log-20250821: Permission denied
Aug 21 00:00:01 server.com logrotate[1934830]: error: error creating output file /usr/local/jetapps/var/log/jetbackup5/jetbackupd.log-20250821: Permission denied
Aug 21 00:00:01 server.com logrotate[1934830]: error: error creating output file /usr/local/jetapps/var/log/mongod/mongod.log-20250821: Permission denied
To confirm whether SELinux is the source of the issue, you can correlate the PID shown in the logrotate error (in this case, 1934830) with denials recorded in SELinux's audit log:
# cat /var/log/audit/audit.log | grep 1934830
Example output:
type=AVC msg=audit(1755748801.471:160593): avc: denied { write } for pid=1934830 comm="logrotate" name="jetbackup5" dev="sda1" ino=2232419 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0
This log entry confirms that SELinux is denying logrotate the necessary write permissions.
With that in mind, please refer to your server control panel’s documentation to confirm whether SELinux is supported.
