On 09/11/2012 10:41 AM, Rob Crittenden wrote: > Dmitri Pal wrote: >> On 09/11/2012 08:18 AM, Christian Horn wrote: >>> Hi, >>> >>> On Mon, Sep 10, 2012 at 06:07:57PM -0400, Dmitri Pal wrote: >>>> Does anyone use logrotate? >>> Not yet, indeed good idea. >>> >>> >>>> Have you seen something else that would be valuable for others to >>>> consider when configuring logrotate with IPA? >>> IPA has many services writing to independent files. Having these >>> logs collected in a central place seems to be a common desire. >>> For DNS syslog is used and can directly log to a remote location. >>> >>> For the other services the best idea so far seems to be to have >>> a cronjob which uses rsync/ssh to centrally store the logs. >>> >>> This can be implemented without much further thought. >>> If logrotate is used on the IPA servers, but also longer logs >>> should be kept on the central server, further thoughts would >>> be needed here.. >>> >>> >>> Thats the only relevant thing coming to mind for the topic. >>> Christian >>> >> >> Collecting log centrally is a separate topic. >> I want to focus on the logrotate configuration and potential issues >> people might have or have had in the past related to logrotate causing >> IPA to fail. > > logrotate is being used by every IPA user today unless they have > configured it to NOT be used. There are default logrotate rules for > named, httpd, tomcat6, sssd and krb5kdc. 389-ds-base does its own log > rotation AFAIU. > > rob So how it happened that someone configured logrotate to run as a different user and caused DS instance not to start? I want to understand what we can do to prevent such situations.
-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
