On 09/11/2012 10:41 AM, Rob Crittenden wrote:
> Dmitri Pal wrote:
>> On 09/11/2012 08:18 AM, Christian Horn wrote:
>>> On Mon, Sep 10, 2012 at 06:07:57PM -0400, Dmitri Pal wrote:
>>>> Does anyone use logrotate?
>>> Not yet, indeed good idea.
>>>> Have you seen something else that would be valuable for others to
>>>> consider when configuring logrotate with IPA?
>>> IPA has many services writing to independent files. Having these
>>> logs collected in a central place seems to be a common desire.
>>> For DNS syslog is used and can directly log to a remote location.
>>> For the other services the best idea so far seems to be to have
>>> a cronjob which uses rsync/ssh to centrally store the logs.
>>> This can be implemented without much further thought.
>>> If logrotate is used on the IPA servers, but also longer logs
>>> should be kept on the central server, further thoughts would
>>> be needed here..
>>> Thats the only relevant thing coming to mind for the topic.
>> Collecting log centrally is a separate topic.
>> I want to focus on the logrotate configuration and potential issues
>> people might have or have had in the past related to logrotate causing
>> IPA to fail.
> logrotate is being used by every IPA user today unless they have
> configured it to NOT be used. There are default logrotate rules for
> named, httpd, tomcat6, sssd and krb5kdc. 389-ds-base does its own log
> rotation AFAIU.
So how it happened that someone configured logrotate to run as a
different user and caused DS instance not to start?
I want to understand what we can do to prevent such situations.
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-users mailing list