Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
logrotate naming issue
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo
View previous topic :: View next topic  
Author Message
gentoonaut
n00b
n00b


Joined: 13 Aug 2012
Posts: 2
Location: Austria

PostPosted: Mon Aug 13, 2012 10:28 am    Post subject: logrotate naming issue Reply with quote

Hi everyone,

I have a problem with logrotate and i hope someone can help me. First i'll try to explain my setup.
I have an server where syslog listen for log entry's. The log files of other clients are gonna be stored under /var/log/clients/${HOSTNAME}. Logrotate usually should rotate this logs. Usually this works flawless except for one client.
Basically the logfiles for one client looking like that:

Code:
total 580
drwxr-xr-x 2 root root 36864 Jul  4 03:10 .
drwx------ 8 root root  4096 Aug  7 13:00 ..
-rw------- 1 root root 31855 Jul 28 09:44 auth
-rw------- 1 root root 10168 Jul 28 09:44 authpriv
-rw------- 1 root root  4793 Mai 12 03:09 authpriv-20120512.gz
-rw------- 1 root root  5663 Mai 15 03:09 authpriv-20120515.gz
-rw------- 1 root root  5600 Mai 18 03:09 authpriv-20120518.gz
-rw------- 1 root root  5368 Mai 21 03:09 authpriv-20120521.gz
-rw------- 1 root root  4537 Mai 23 19:30 authpriv-20120524.gz
-rw------- 1 root root 42514 Jun  3 09:10 cron
-rw------- 1 root root  8761 Apr  4 03:09 cron-20120404.gz
-rw------- 1 root root  8369 Apr 18 03:09 cron-20120418.gz
-rw------- 1 root root 16311 Mai  1 19:19 cron-20120501.gz
-rw------- 1 root root 10235 Mai 11 03:09 cron-20120511.gz
-rw------- 1 root root 11764 Mai 22 03:09 cron-20120522.gz
-rw------- 1 root root 80264 Jul 28 09:44 daemon
-rw------- 1 root root  7849 Mär 25 01:44 daemon-20120325.gz
-rw------- 1 root root 14735 Jul 28 09:44 kern
-rw------- 1 root root 12217 Dez  6  2011 kern-20111207.gz
-rw------- 1 root root 23104 Feb 15 18:49 kern-20120216.gz
-rw------- 1 root root 19197 Mär 10 18:33 kern-20120311.gz
-rw------- 1 root root 15118 Jun 23 11:28 kern-20120624.gz
-rw------- 1 root root 16672 Jul  1 20:41 kern-20120702.gz
-rw------- 1 root root   228 Jun  2 02:00 mail
-rw------- 1 root root 83919 Jul 28 09:37 syslog
-rw------- 1 root root  7802 Dez  9  2011 syslog-20111209.gz
-rw------- 1 root root  7911 Jan  6  2012 syslog-20120106.gz
-rw------- 1 root root  8022 Feb  3  2012 syslog-20120203.gz
-rw------- 1 root root  6665 Apr  4 15:10 syslog-20120405.gz
-rw------- 1 root root  7221 Jul  4 02:56 syslog-20120704.gz
-rw------- 1 root root   527 Jul  1 13:36 user


However, for one client the logfiles looking like that:

Code:
total 2376
drwx------ 2 root root  81920 Aug 13 03:10 .
drwx------ 8 root root   4096 Aug  7 13:00 ..
-rw------- 1 root root  27667 Aug 12 16:56 auth
-rw------- 1 root root  24290 Aug 13 00:59 authpriv
-rw------- 1 root root  28147 Aug 13 12:00 cron
-rw------- 1 root root      0 Aug  8 03:10 cron-20120806-20120807
-rw------- 1 root root      0 Aug  9 03:10 cron-20120806-20120807-20120808
-rw------- 1 root root      0 Aug 10 03:10 cron-20120806-20120807-20120808-20120809
-rw------- 1 root root      0 Aug 11 03:10 cron-20120806-20120807-20120808-20120809-20120810
-rw------- 1 root root      0 Aug 12 03:10 cron-20120806-20120807-20120808-20120809-20120810-20120811
-rw------- 1 root root      0 Aug 13 03:10 cron-20120806-20120807-20120808-20120809-20120810-20120811-20120812
-rw------- 1 root root 106873 Aug 13 03:10 cron-20120806-20120807-20120808-20120809-20120810-20120811-20120812-20120813
-rw------- 1 root root     20 Aug  7 03:10 cron-20120806.gz
-rw------- 1 root root      0 Aug 13 03:10 cron-20120812
-rw------- 1 root root 118725 Aug 13 03:10 cron-20120812-20120813
-rw------- 1 root root   8525 Aug 13 10:28 daemon
-rw------- 1 root root      0 Aug  9 03:10 daemon-20120808
-rw------- 1 root root      0 Aug 10 03:10 daemon-20120808-20120809
-rw------- 1 root root      0 Aug 11 03:10 daemon-20120808-20120809-20120810
-rw------- 1 root root      0 Aug 12 03:10 daemon-20120808-20120809-20120810-20120811
-rw------- 1 root root      0 Aug 13 03:10 daemon-20120808-20120809-20120810-20120811-20120812
-rw------- 1 root root 218261 Aug 13 03:10 daemon-20120808-20120809-20120810-20120811-20120812-20120813
-rw------- 1 root root 159494 Aug 13 12:03 kern
-rw------- 1 root root  27118 Aug  9 03:10 kern-20120809.gz
-rw------- 1 root root  27603 Aug 10 03:10 kern-20120810.gz
-rw------- 1 root root  37469 Aug 11 03:10 kern-20120811.gz
-rw------- 1 root root  29220 Aug 12 03:10 kern-20120812.gz
-rw------- 1 root root 472467 Aug 13 03:10 kern-20120813
-rw------- 1 root root  11796 Aug 13 10:28 majestix-dhcpd.log
-rw------- 1 root root   7917 Aug 13 01:00 majestix-fbackup.log
-rw------- 1 root root 110348 Aug 13 12:03 majestix-firewall-drop.log
-rw------- 1 root root  19049 Aug  9 03:10 majestix-firewall-drop.log-20120809.gz
-rw------- 1 root root  19232 Aug 10 03:10 majestix-firewall-drop.log-20120810.gz
-rw------- 1 root root  19728 Aug 11 03:10 majestix-firewall-drop.log-20120811.gz
-rw------- 1 root root  20059 Aug 12 03:10 majestix-firewall-drop.log-20120812.gz
-rw------- 1 root root 359684 Aug 13 03:10 majestix-firewall-drop.log-20120813
-rw------- 1 root root   5034 Aug 13 10:05 majestix-quasselcore.log
-rw------- 1 root root      0 Aug  9 03:10 majestix-quasselcore.log-20120808
-rw------- 1 root root      0 Aug 10 03:10 majestix-quasselcore.log-20120808-20120809
-rw------- 1 root root      0 Aug 11 03:10 majestix-quasselcore.log-20120808-20120809-20120810
-rw------- 1 root root      0 Aug 12 03:10 majestix-quasselcore.log-20120808-20120809-20120810-20120811
-rw------- 1 root root      0 Aug 13 03:10 majestix-quasselcore.log-20120808-20120809-20120810-20120811-20120812
-rw------- 1 root root 180848 Aug 13 03:10 majestix-quasselcore.log-20120808-20120809-20120810-20120811-20120812-20120813
-rw------- 1 root root  30997 Aug 13 02:00 syslog
-rw------- 1 root root   6399 Aug 13 10:05 user
-rw------- 1 root root      0 Aug  9 03:10 user-20120808
-rw------- 1 root root      0 Aug 10 03:10 user-20120808-20120809
-rw------- 1 root root      0 Aug 11 03:10 user-20120808-20120809-20120810
-rw------- 1 root root      0 Aug 12 03:10 user-20120808-20120809-20120810-20120811
-rw------- 1 root root      0 Aug 13 03:10 user-20120808-20120809-20120810-20120811-20120812
-rw------- 1 root root 196172 Aug 13 03:10 user-20120808-20120809-20120810-20120811-20120812-20120813



Here you see the naming issue. Logrotate always adds the date to filename. Besides that, every day i'll get an email from cron:

Code:
error: error opening /var/log/clients/majestix/kern-20120812: No such file or directory
error: error opening /var/log/clients/majestix/majestix-firewall-drop.log-20120812: No such file or directory


Usually after a while i delete all logs, then it starts from the beginning. It's always different. Last time it only generates these strange files names only for the "daemon" log files. This time, as you can see, more log files are affected. If i don't delete the files I would get another error mail stating the the file names are too long.

For logrotate i already tried a few different configurations. Usually i use the same configuration as for every other client:

Code:
tunafix logrotate.d # cat baltix
/var/log/clients/baltix/* {
        missingok
        notifempty
        copytruncate
        rotate 5
        size 100k
}


For majestix i use right now following configuration:

Code:
tunafix logrotate.d # cat majestix
/var/log/clients/majestix/* {
        missingok
        notifempty
        copytruncate
        delaycompress
        rotate 5
        size 100k
        postrotate
                /etc/init.d/syslog-ng reload > /dev/null
        endscript
}


The main configuration is the default and looks like that:

Code:
# $Header: /var/cvsroot/gentoo-x86/app-admin/logrotate/files/logrotate.conf,v 1.3 2008/12/24 20:49:10 dang Exp $
#
# Logrotate default configuration file for Gentoo Linux
#
# See "man logrotate" for details

# rotate log files weekly
weekly
#daily

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
compress

# packages can drop log rotation information into this directory
include /etc/logrotate.d

notifempty
nomail
noolddir

# no packages own lastlog or wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.


I don't know what the reason is. My first though was because it's my firewall and thus produces quite alot logs. However, i already lower the logging to a minimum. Besides that, the logfiles where the firewall (iptables) messages are going are ok anyway (look above, its: majestix.firewall.drop.log and also kern), even though it happen with them already too.
The problematic logfiles right now dosn't produce that much. They produce just a few times a day log entries...

The problem is just for that one client. Even the local log's are perfectly fine. Uninstall/install, delete all log entries didn't solve anything.
I really don't know what that problem cause and hope someone can help me.

Thx!
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Mon Aug 13, 2012 1:38 pm    Post subject: Re: logrotate naming issue Reply with quote

gentoonaut wrote:
Code:
/var/log/clients/majestix/* {

gentoonaut ... the use of a wildcard will mean that the previously rotated files will be included in the subsequent rotaion, hence the '20120806-20120807-x'. In short your telling logrotate to rotate every file, including those previously rotated. So, you need to be more specific about the files in rotation:

Code:
/var/log/clients/majestix/cron /var/log/clients/majestix/daemon /var/log/clients/majestix/kern {

gentoonaut wrote:
[...] Besides that, the logfiles where the firewall (iptables) messages are going are ok anyway (look above, its: majestix.firewall.drop.log and also kern), even though it happen with them already too. The problematic logfiles right now dosn't produce that much. They produce just a few times a day log entries...

Some files won't be rotated until they reach 100k (due to your size limit) and so the pattern will be erratic. I don't really understand why you have this option set, nor 'copytruncate', note how many of the rotated files are zero k, this is proably due to you having 'create' set in the main config and so are running 'copy' and 'create'.

gentoonaut wrote:
The problem is just for that one client. Even the local log's are perfectly fine. Uninstall/install, delete all log entries didn't solve anything.

I don't think so, your wildcarding both 'majestix' and 'baltix' ... the difference being the erratic nature produced as a result of size, and copytrunctate/create.

Anyhow, here is an example I used for logrotating postfix ... it might give you some how you might approach your problem. Note the use of 'sharedscripts' (missing from your logrotate.d/) this means that the 'postrotate' is only run once after all files have been handled, and not after every file.

Code:
/var/log/mail.log /var/log/mail.err /var/log/mail.warn {
  missingok
  notifempty
  weekly
  rotate 3
  compress
  sharedscripts
  postrotate
    /etc/init.d/postfix reload > /dev/null 2>&1 || true
  endscript
}

HTH & best ... khay
Back to top
View user's profile Send private message
gentoonaut
n00b
n00b


Joined: 13 Aug 2012
Posts: 2
Location: Austria

PostPosted: Wed Aug 15, 2012 5:47 pm    Post subject: Reply with quote

thx khayyam!

I tried many things, but never though about that wildcard. :/
That was probably the reason. I just changed my config. Many thx for your example, i had for sure some strange configuration.

I'm pretty sure that it works now. Finally i could solve the problem :)

thx again.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum