Lets talk about log rotation!

[shannon]

Alright, so here I sit staring at a cPanel box that's been up and running for the last two months or so.. light usage so far, but I've got a few logfiles that are staring at me something fierce, and from what I see none of them are set to rotate out at any point:

[b:69f128c695]/var/log/xferlog = 25meg[/b:69f128c695]

Now I know this is the logfile for ProFTPd (The FTP Server).. and is currently NOT rotated by default on my RH7.2 installation... the 64 thousand dollar question becomes, can it be rotated? The ProFTPd people seem to say yes. ( according to this section of the manual http://proftpd.linux.co.uk/localsite/Userguide/linked/x356.html ).

But of course the real question is, will rotating these logs out regularly screw with any cPanel/WHM related functions? Do any cPanel/WHM functions/statsproggies/etc use this on a regular basis?

And possibly more importantly, what about these two fellows?

[b:69f128c695]/usr/local/apache/logs/error_log = ~50meg
/usr/local/apache/logs/access_log = ~9meg[/b:69f128c695]

Anyone got some experience rotating any of these they'd like to share with the group?

 

[Curious Too]

You need to create a file named &apache& and drop it in the /etc/logrotate.d directory. Here is a copy of my &apache& log rotation file:



/usr/local/apache/logs/access_log {
missingok
postrotate
/usr/bin/killall -HUP httpd 2& /dev/null || true
endscript
}

/usr/local/apache/logs/agent_log {
missingok
postrotate
/usr/bin/killall -HUP httpd 2& /dev/null || true
endscript
}

/usr/local/apache/logs/error_log {
missingok
postrotate
/usr/bin/killall -HUP httpd 2& /dev/null || true
endscript
}

/usr/local/apache/logs/referer_log {
missingok
postrotate
/usr/bin/killall -HUP httpd 2& /dev/null || true
endscript
}

/usr/local/apache/domlogs/* {
missingok
postrotate
/usr/bin/killall -HUP httpd 2& /dev/null || true
endscript
}

 

[shannon]

yeah, I know [i:ec40de3c23]how[/i:ec40de3c23] to manage logrotate... my question is how is this going to affect cPanel? I know the domlogs are (apparently from what I've seen and read in other threads) used for calculating stats and whatnot, so touching them doesn't sound too safe, but the access_log, error_log and the xferlog from ftpd is what I'm really wondering about.. safe to rotate them? anybody?

 

[portman]

CPanel should be rotating domlogs one of the last three days of the month. However, it zeros out the files. If this is not happening it should be.

 

[nitromax]

Please Help!!!

Does anyone know how to rotate the SSL logs in /usr/local/apache/logs?

I want to rotate the following files:

ssl_log
ssl_engine_log
suexec_log

Also, how do you automatically deleted the older log files once they are rotated?

 

[Curt]

[quote:3afe1cabe9][i:3afe1cabe9]Originally posted by nitromax[/i:3afe1cabe9]

Does anyone know how to rotate the SSL logs in /usr/local/apache/logs?

I want to rotate the following files:

ssl_log
ssl_engine_log
suexec_log

Also, how do you automatically deleted the older log files once they are rotated?[/quote:3afe1cabe9]

I have the same question, these logs are getting quite large on my box and I am not sure why they are not rotaing out.

 

[omenoracle]

THANK YOU! Curious Too

Thank you very much for the excellent example!

You have saved my bacon.



-Sean

 

[jcsolutions]

Originally posted by Curious Too
/usr/local/apache/domlogs/* {
missingok
postrotate
/usr/bin/killall -HUP httpd 2& /dev/null || true
endscript
}

I want to rotate one of my domain's logs daily. Would the following code be correct to use in my /etc/logrotate.d/apache file, and exactly when during each day is this file run?

/usr/local/apache/domlogs/domain.com {
missingok
rotate 7
daily
compress
postrotate
/usr/bin/killall -HUP httpd 2& /dev/null || true
endscript
}

As I understand it, this will do the following:
If the file domain.com is missing, it will just continue without error.
The file will be rotated 7 times, once each day.
Each file will be compressed.
... I have no idea what this will do ... /usr/bin/killall -HUP httpd 2& /dev/null || true

What will the the filename for the rotated (old log files) be called?

Thanks for any help!

cPanel.net Support Ticket Number:

cPanel.net Support Ticket Number:

 

[jcsolutions]

Can anyone help with this? Please?

 

[kris1351]

We get this when trying to run the lograte like yorus:

/tmp/logrotate.m60o74: /dev/null: Permission denied
2: no process killed
/tmp/logrotate.htQJK5: /dev/null: Permission denied
2: no process killed
2: no process killed
/tmp/logrotate.kghkTF: /dev/null: Permission denied
/tmp/logrotate.ZaWAYj: /dev/null: Permission denied
2: no process killed


Any suggestions?

cPanel.net Support Ticket Number:

 

[kris1351]

Changed it to /etc/httpd instead of /usr/local and that fixed the problem. Now will the automatically run if configured in the logrotate.d or do I need to add something to the logrotate.conf?

Or should i do this:

/etc/httpd/domlogs/* {
monthly
missingok
postrotate
/usr/bin/killall -HUP httpd 2& /dev/null || true
endscript
}

cPanel.net Support Ticket Number:

 

[goodmove]

Originally posted by Curious Too
You need to create a file named &apache& and drop it in the /etc/logrotate.d directory. Here is a copy of my &apache& log rotation file:

/usr/local/apache/logs/access_log {
missingok
postrotate
/usr/bin/killall -HUP httpd 2& /dev/null || true
endscript
}

............

Can someone confirm that the sign on either side of the file name &apache& is actually an ampersand? The same goes for 2& /dev/null.

 

[rix]

try to use these

/usr/bin/killall -HUP httpd 2&> /dev/null || true

cPanel.net Support Ticket Number:

 

[payne]

FYI:

I found the following routine in cpanellogd, which is run once a day:

sub rotatelogs {
my($logsize);
my(@LOGS) = ("/usr/local/apache/logs/suexec_log",
"/usr/local/apache/logs/access_log",
"/usr/local/apache/logs/error_log",
"/usr/local/apache/logs/referer_log",
"/usr/local/apache/logs/agent_log",
"/usr/local/apache/logs/ssl_log",
"/etc/httpd/logs/error_log");
foreach my $filename (@LOGS) {
next if (! -f $filename);
my $size = (stat($filename))[7];
my $threehmegs = (1024*1024*300);
my $fivemegs = (1024*1024*5);
if ($size > $threehmegs) {
open(FILE,"$filename");
seek(FILE,($size-$fivemegs),0);
open(NFILE,">$filename.new");
while(<FILE>) {
print NFILE;
}
close(FILE);
close(NFILE);
unlink($filename);
system("mv","-f","$filename.new","$filename");
system("killall","-USR1","httpd");
print "Apache Log Cleaned { Size was: $size }\n";
}
}
}


This seems like a poor attempt by cpanel to keep some logfiles cut down to a manageable size.

What I see this doing is checking all of the mentioned log files to see if they are bigger than 300MB and then reducing them by 5MB if they are. This algorithm would break down if these logs grew more than 5MB/day. While it would be deleting *some* logs, it wouldn't keep up.

 

[myusername]

Did anyone ever come up with a good domlog rotator?

FYI if you use the [ code ] and [ /code ] tags we can see what your script is trying to say a bit better.

 

[eazistore]

Fix LogRotate Problems

Hi Guys,

I came across this article about fix log rotate oproblems.
http://www.webhostgear.com/144.html

I did make a backup copy before I made any changes.
So far there isn't any problem yet. But I am yet to see any result too.

Do you guys think this will help to fix log rotate problems?

 

[Jeff75]

Great article! Now does anyone know how to get it to clear all the logs in the /usr/local/apache/domlogs directory a few minutes after midnight on the first of every month?