View previous topic :: View next topic |
Author |
Message |
gentoonaut n00b
Joined: 13 Aug 2012 Posts: 2 Location: Austria
|
Posted: Mon Aug 13, 2012 10:28 am Post subject: logrotate naming issue |
|
|
Hi everyone,
I have a problem with logrotate and i hope someone can help me. First i'll try to explain my setup.
I have an server where syslog listen for log entry's. The log files of other clients are gonna be stored under /var/log/clients/${HOSTNAME}. Logrotate usually should rotate this logs. Usually this works flawless except for one client.
Basically the logfiles for one client looking like that:
Code: | total 580
drwxr-xr-x 2 root root 36864 Jul 4 03:10 .
drwx------ 8 root root 4096 Aug 7 13:00 ..
-rw------- 1 root root 31855 Jul 28 09:44 auth
-rw------- 1 root root 10168 Jul 28 09:44 authpriv
-rw------- 1 root root 4793 Mai 12 03:09 authpriv-20120512.gz
-rw------- 1 root root 5663 Mai 15 03:09 authpriv-20120515.gz
-rw------- 1 root root 5600 Mai 18 03:09 authpriv-20120518.gz
-rw------- 1 root root 5368 Mai 21 03:09 authpriv-20120521.gz
-rw------- 1 root root 4537 Mai 23 19:30 authpriv-20120524.gz
-rw------- 1 root root 42514 Jun 3 09:10 cron
-rw------- 1 root root 8761 Apr 4 03:09 cron-20120404.gz
-rw------- 1 root root 8369 Apr 18 03:09 cron-20120418.gz
-rw------- 1 root root 16311 Mai 1 19:19 cron-20120501.gz
-rw------- 1 root root 10235 Mai 11 03:09 cron-20120511.gz
-rw------- 1 root root 11764 Mai 22 03:09 cron-20120522.gz
-rw------- 1 root root 80264 Jul 28 09:44 daemon
-rw------- 1 root root 7849 Mär 25 01:44 daemon-20120325.gz
-rw------- 1 root root 14735 Jul 28 09:44 kern
-rw------- 1 root root 12217 Dez 6 2011 kern-20111207.gz
-rw------- 1 root root 23104 Feb 15 18:49 kern-20120216.gz
-rw------- 1 root root 19197 Mär 10 18:33 kern-20120311.gz
-rw------- 1 root root 15118 Jun 23 11:28 kern-20120624.gz
-rw------- 1 root root 16672 Jul 1 20:41 kern-20120702.gz
-rw------- 1 root root 228 Jun 2 02:00 mail
-rw------- 1 root root 83919 Jul 28 09:37 syslog
-rw------- 1 root root 7802 Dez 9 2011 syslog-20111209.gz
-rw------- 1 root root 7911 Jan 6 2012 syslog-20120106.gz
-rw------- 1 root root 8022 Feb 3 2012 syslog-20120203.gz
-rw------- 1 root root 6665 Apr 4 15:10 syslog-20120405.gz
-rw------- 1 root root 7221 Jul 4 02:56 syslog-20120704.gz
-rw------- 1 root root 527 Jul 1 13:36 user |
However, for one client the logfiles looking like that:
Code: | total 2376
drwx------ 2 root root 81920 Aug 13 03:10 .
drwx------ 8 root root 4096 Aug 7 13:00 ..
-rw------- 1 root root 27667 Aug 12 16:56 auth
-rw------- 1 root root 24290 Aug 13 00:59 authpriv
-rw------- 1 root root 28147 Aug 13 12:00 cron
-rw------- 1 root root 0 Aug 8 03:10 cron-20120806-20120807
-rw------- 1 root root 0 Aug 9 03:10 cron-20120806-20120807-20120808
-rw------- 1 root root 0 Aug 10 03:10 cron-20120806-20120807-20120808-20120809
-rw------- 1 root root 0 Aug 11 03:10 cron-20120806-20120807-20120808-20120809-20120810
-rw------- 1 root root 0 Aug 12 03:10 cron-20120806-20120807-20120808-20120809-20120810-20120811
-rw------- 1 root root 0 Aug 13 03:10 cron-20120806-20120807-20120808-20120809-20120810-20120811-20120812
-rw------- 1 root root 106873 Aug 13 03:10 cron-20120806-20120807-20120808-20120809-20120810-20120811-20120812-20120813
-rw------- 1 root root 20 Aug 7 03:10 cron-20120806.gz
-rw------- 1 root root 0 Aug 13 03:10 cron-20120812
-rw------- 1 root root 118725 Aug 13 03:10 cron-20120812-20120813
-rw------- 1 root root 8525 Aug 13 10:28 daemon
-rw------- 1 root root 0 Aug 9 03:10 daemon-20120808
-rw------- 1 root root 0 Aug 10 03:10 daemon-20120808-20120809
-rw------- 1 root root 0 Aug 11 03:10 daemon-20120808-20120809-20120810
-rw------- 1 root root 0 Aug 12 03:10 daemon-20120808-20120809-20120810-20120811
-rw------- 1 root root 0 Aug 13 03:10 daemon-20120808-20120809-20120810-20120811-20120812
-rw------- 1 root root 218261 Aug 13 03:10 daemon-20120808-20120809-20120810-20120811-20120812-20120813
-rw------- 1 root root 159494 Aug 13 12:03 kern
-rw------- 1 root root 27118 Aug 9 03:10 kern-20120809.gz
-rw------- 1 root root 27603 Aug 10 03:10 kern-20120810.gz
-rw------- 1 root root 37469 Aug 11 03:10 kern-20120811.gz
-rw------- 1 root root 29220 Aug 12 03:10 kern-20120812.gz
-rw------- 1 root root 472467 Aug 13 03:10 kern-20120813
-rw------- 1 root root 11796 Aug 13 10:28 majestix-dhcpd.log
-rw------- 1 root root 7917 Aug 13 01:00 majestix-fbackup.log
-rw------- 1 root root 110348 Aug 13 12:03 majestix-firewall-drop.log
-rw------- 1 root root 19049 Aug 9 03:10 majestix-firewall-drop.log-20120809.gz
-rw------- 1 root root 19232 Aug 10 03:10 majestix-firewall-drop.log-20120810.gz
-rw------- 1 root root 19728 Aug 11 03:10 majestix-firewall-drop.log-20120811.gz
-rw------- 1 root root 20059 Aug 12 03:10 majestix-firewall-drop.log-20120812.gz
-rw------- 1 root root 359684 Aug 13 03:10 majestix-firewall-drop.log-20120813
-rw------- 1 root root 5034 Aug 13 10:05 majestix-quasselcore.log
-rw------- 1 root root 0 Aug 9 03:10 majestix-quasselcore.log-20120808
-rw------- 1 root root 0 Aug 10 03:10 majestix-quasselcore.log-20120808-20120809
-rw------- 1 root root 0 Aug 11 03:10 majestix-quasselcore.log-20120808-20120809-20120810
-rw------- 1 root root 0 Aug 12 03:10 majestix-quasselcore.log-20120808-20120809-20120810-20120811
-rw------- 1 root root 0 Aug 13 03:10 majestix-quasselcore.log-20120808-20120809-20120810-20120811-20120812
-rw------- 1 root root 180848 Aug 13 03:10 majestix-quasselcore.log-20120808-20120809-20120810-20120811-20120812-20120813
-rw------- 1 root root 30997 Aug 13 02:00 syslog
-rw------- 1 root root 6399 Aug 13 10:05 user
-rw------- 1 root root 0 Aug 9 03:10 user-20120808
-rw------- 1 root root 0 Aug 10 03:10 user-20120808-20120809
-rw------- 1 root root 0 Aug 11 03:10 user-20120808-20120809-20120810
-rw------- 1 root root 0 Aug 12 03:10 user-20120808-20120809-20120810-20120811
-rw------- 1 root root 0 Aug 13 03:10 user-20120808-20120809-20120810-20120811-20120812
-rw------- 1 root root 196172 Aug 13 03:10 user-20120808-20120809-20120810-20120811-20120812-20120813 |
Here you see the naming issue. Logrotate always adds the date to filename. Besides that, every day i'll get an email from cron:
Code: | error: error opening /var/log/clients/majestix/kern-20120812: No such file or directory
error: error opening /var/log/clients/majestix/majestix-firewall-drop.log-20120812: No such file or directory |
Usually after a while i delete all logs, then it starts from the beginning. It's always different. Last time it only generates these strange files names only for the "daemon" log files. This time, as you can see, more log files are affected. If i don't delete the files I would get another error mail stating the the file names are too long.
For logrotate i already tried a few different configurations. Usually i use the same configuration as for every other client:
Code: | tunafix logrotate.d # cat baltix
/var/log/clients/baltix/* {
missingok
notifempty
copytruncate
rotate 5
size 100k
} |
For majestix i use right now following configuration:
Code: | tunafix logrotate.d # cat majestix
/var/log/clients/majestix/* {
missingok
notifempty
copytruncate
delaycompress
rotate 5
size 100k
postrotate
/etc/init.d/syslog-ng reload > /dev/null
endscript
} |
The main configuration is the default and looks like that:
Code: | # $Header: /var/cvsroot/gentoo-x86/app-admin/logrotate/files/logrotate.conf,v 1.3 2008/12/24 20:49:10 dang Exp $
#
# Logrotate default configuration file for Gentoo Linux
#
# See "man logrotate" for details
# rotate log files weekly
weekly
#daily
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
compress
# packages can drop log rotation information into this directory
include /etc/logrotate.d
notifempty
nomail
noolddir
# no packages own lastlog or wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}
# system-specific logs may be also be configured here. |
I don't know what the reason is. My first though was because it's my firewall and thus produces quite alot logs. However, i already lower the logging to a minimum. Besides that, the logfiles where the firewall (iptables) messages are going are ok anyway (look above, its: majestix.firewall.drop.log and also kern), even though it happen with them already too.
The problematic logfiles right now dosn't produce that much. They produce just a few times a day log entries...
The problem is just for that one client. Even the local log's are perfectly fine. Uninstall/install, delete all log entries didn't solve anything.
I really don't know what that problem cause and hope someone can help me.
Thx! |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Mon Aug 13, 2012 1:38 pm Post subject: Re: logrotate naming issue |
|
|
gentoonaut wrote: | Code: | /var/log/clients/majestix/* { |
|
gentoonaut ... the use of a wildcard will mean that the previously rotated files will be included in the subsequent rotaion, hence the '20120806-20120807-x'. In short your telling logrotate to rotate every file, including those previously rotated. So, you need to be more specific about the files in rotation:
Code: | /var/log/clients/majestix/cron /var/log/clients/majestix/daemon /var/log/clients/majestix/kern { |
gentoonaut wrote: | [...] Besides that, the logfiles where the firewall (iptables) messages are going are ok anyway (look above, its: majestix.firewall.drop.log and also kern), even though it happen with them already too. The problematic logfiles right now dosn't produce that much. They produce just a few times a day log entries... |
Some files won't be rotated until they reach 100k (due to your size limit) and so the pattern will be erratic. I don't really understand why you have this option set, nor 'copytruncate', note how many of the rotated files are zero k, this is proably due to you having 'create' set in the main config and so are running 'copy' and 'create'.
gentoonaut wrote: | The problem is just for that one client. Even the local log's are perfectly fine. Uninstall/install, delete all log entries didn't solve anything. |
I don't think so, your wildcarding both 'majestix' and 'baltix' ... the difference being the erratic nature produced as a result of size, and copytrunctate/create.
Anyhow, here is an example I used for logrotating postfix ... it might give you some how you might approach your problem. Note the use of 'sharedscripts' (missing from your logrotate.d/) this means that the 'postrotate' is only run once after all files have been handled, and not after every file.
Code: | /var/log/mail.log /var/log/mail.err /var/log/mail.warn {
missingok
notifempty
weekly
rotate 3
compress
sharedscripts
postrotate
/etc/init.d/postfix reload > /dev/null 2>&1 || true
endscript
} |
HTH & best ... khay |
|
Back to top |
|
|
gentoonaut n00b
Joined: 13 Aug 2012 Posts: 2 Location: Austria
|
Posted: Wed Aug 15, 2012 5:47 pm Post subject: |
|
|
thx khayyam!
I tried many things, but never though about that wildcard. :/
That was probably the reason. I just changed my config. Many thx for your example, i had for sure some strange configuration.
I'm pretty sure that it works now. Finally i could solve the problem
thx again. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|