[clue-admin] Logrotate is b0rked

Jed S. Baer thag at frii.com
Sat Mar 26 17:14:17 MST 2005 

I'm looking at the CLUE server logs, and noticing, again, that logrotate
isn't working properly.

For example:

$ sudo ls -rot /var/log/httpd/
Password:
total 114320
-rw-r--r--  1 root        0 Dec  9 19:23 ssl_request_log
-rw-r--r--  1 root        0 Dec  9 19:23 ssl_access_log
-rw-r--r--  1 root     3528 Dec 11 01:01 ssl_error_log.2
-rw-r--r--  1 root   905608 Dec 12 04:02 access_log.4
-rw-r--r--  1 root   558043 Dec 12 04:04 error_log.4
-rw-r--r--  1 root      252 Dec 17 12:42 ssl_error_log.1
-rw-r--r--  1 root  4580030 Dec 19 04:05 access_log.3
-rw-r--r--  1 root  1317563 Dec 19 04:06 error_log.3
-rw-r--r--  1 root 48864411 Feb  5 17:50 access_log.2
-rw-r--r--  1 root  7102143 Feb  5 17:51 error_log.2
-rw-r--r--  1 root     1764 Feb 26 18:28 ssl_error_log
-rw-r--r--  1 root        0 Mar  1 04:06 error_log
-rw-r--r--  1 root        0 Mar  1 04:06 access_log
-rw-r--r--  1 root  5838422 Mar 26 16:32 error_log.1
-rw-r--r--  1 root 47710467 Mar 26 16:38 access_log.1

Note that the "current" logfiles by name are all 0 bytes, whereas the
active logs are the .1 versions. This implies that logrotate is renaming
the files, but failing to execute its postrotate commands.

I've noticed this with the syslog files in /var/log as well. Right now,
/var/log/messages is a 0 length file, and /var/log/messages.1 is the
active log. Same thing for other syslog files. It looks as if other
postrotate commands are fine. It's only syslog and httpd which are having
problems.

I get no errors manually restarting apache, so I know that the command in
the httpd logrotate config file is OK. I can also manually run the
postrotate command in the logrotate syslog config file -- except that in
the shell, I didn't redirect syserr nor pipe to true, as I wanted to see
errors and prompts, if any, which there weren't.

So, given that these postrotate command utilize full paths, and don't, as
far as I know, need any envrionment variables, what would it be about
running them in cron that would make them fail?

$ cat syslog
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler
/var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2>
/dev/null || true
    endscript
}

$ cat httpd 
/var/log/httpd/error_log /var/log/httpd/access_log {
    monthly
    rotate 6
    missingok
    delaycompress
    sharedscripts
    postrotate
        /usr/sbin/apachectl graceful
        /usr/bin/webalizer
    endscript
}

jed
-- 
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1  4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier

More information about the clue-admin mailing list