[clue-admin] Logrotate is b0rked
Jed S. Baer
thag at frii.com
Sat Mar 26 17:14:17 MST 2005
I'm looking at the CLUE server logs, and noticing, again, that logrotate
isn't working properly.
For example:
$ sudo ls -rot /var/log/httpd/
Password:
total 114320
-rw-r--r-- 1 root 0 Dec 9 19:23 ssl_request_log
-rw-r--r-- 1 root 0 Dec 9 19:23 ssl_access_log
-rw-r--r-- 1 root 3528 Dec 11 01:01 ssl_error_log.2
-rw-r--r-- 1 root 905608 Dec 12 04:02 access_log.4
-rw-r--r-- 1 root 558043 Dec 12 04:04 error_log.4
-rw-r--r-- 1 root 252 Dec 17 12:42 ssl_error_log.1
-rw-r--r-- 1 root 4580030 Dec 19 04:05 access_log.3
-rw-r--r-- 1 root 1317563 Dec 19 04:06 error_log.3
-rw-r--r-- 1 root 48864411 Feb 5 17:50 access_log.2
-rw-r--r-- 1 root 7102143 Feb 5 17:51 error_log.2
-rw-r--r-- 1 root 1764 Feb 26 18:28 ssl_error_log
-rw-r--r-- 1 root 0 Mar 1 04:06 error_log
-rw-r--r-- 1 root 0 Mar 1 04:06 access_log
-rw-r--r-- 1 root 5838422 Mar 26 16:32 error_log.1
-rw-r--r-- 1 root 47710467 Mar 26 16:38 access_log.1
Note that the "current" logfiles by name are all 0 bytes, whereas the
active logs are the .1 versions. This implies that logrotate is renaming
the files, but failing to execute its postrotate commands.
I've noticed this with the syslog files in /var/log as well. Right now,
/var/log/messages is a 0 length file, and /var/log/messages.1 is the
active log. Same thing for other syslog files. It looks as if other
postrotate commands are fine. It's only syslog and httpd which are having
problems.
I get no errors manually restarting apache, so I know that the command in
the httpd logrotate config file is OK. I can also manually run the
postrotate command in the logrotate syslog config file -- except that in
the shell, I didn't redirect syserr nor pipe to true, as I wanted to see
errors and prompts, if any, which there weren't.
So, given that these postrotate command utilize full paths, and don't, as
far as I know, need any envrionment variables, what would it be about
running them in cron that would make them fail?
$ cat syslog
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler
/var/log/boot.log /var/log/cron {
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2>
/dev/null || true
endscript
}
$ cat httpd
/var/log/httpd/error_log /var/log/httpd/access_log {
monthly
rotate 6
missingok
delaycompress
sharedscripts
postrotate
/usr/sbin/apachectl graceful
/usr/bin/webalizer
endscript
}
jed
--
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1 4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-admin
mailing list