On 03/07/17 14:11, Илья Шипицин wrote:
> 
> 
> On 3 Jul 2017 at 16:45, "Gert Doering" <g...@greenie.muc.de
> <mailto:g...@greenie.muc.de>> wrote:
> 
>     Hi,
> 
>     On Mon, Jul 03, 2017 at 10:54:28AM +0000, Bonno Bloksma wrote:
>     > I remember asking this a long time ago and at the time there was
>     no "clean" way to rotate the openvpn log because the process would
>     keep the log open.
>     > I remember that at the time we compromised by doing a copy and
>     truncate trick.
>     >
>     > Is there a "proper" way now to use the Linux logrotate feature
>     without the copytruncate option?
> 
>     --syslog?
> 
> 
> syslog is not comfortable, for example, when running multiple openvpn
> instances on the same server
Nonsense.  IIRC, that's what Debian have been doing for a long time.
From the man page:

       --syslog [progname]
              Direct  log  output to system logger, but do
              not become a daemon.  See --daemon directive
              above for description of progname parameter.


       --daemon [progname]
              [...snip...]

              The  optional  progname parameter will cause
              OpenVPN to report its program  name  to  the
              system logger as progname.  This can be use‐
              ful in linking OpenVPN messages in the  sys‐
              log   file   with  specific  tunnels.   When
              unspecified, progname defaults to "openvpn".

So using --syslog "ovpn-tunnel1" in the configuration file will make
all log entries appear as "ovpn-tunnel1".

With rsyslog and syslog-ng, you can also filter out these log entries
into a separate log file.  For rsyslog, look up "Property-Based Filters"
and "Expression-Based Filters".


That said, for systemd based distributions, I recommend using the newer
openvpn-server@.service or openvpn-client@.service unit files.  This
allows you to extract log information per configuration like this:

If you have your server configuration stored under
/etc/openvpn/server/tunnel1.conf ... all you need to do is (as well as
not using --log or --syslog in the configuration files)

    journalctl --since yesterday -u openvpn-server@tunnel1

Then you'll have automatic rotation included as well.


--
kind regards,

David Sommerseth
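
The rsyslog routing described in the message above, with a matching logrotate stanza that needs no copytruncate, added here as an example and not taken from the thread or from the OpenVPN project. The `ovpn-` progname prefix, the file names, the `/var/log/openvpn/` directory and the `root adm` ownership are assumptions.

```conf
# --- /etc/rsyslog.d/30-openvpn.conf (assumed file name) ---
# Each OpenVPN instance sets its own progname in its configuration file:
#   syslog ovpn-tunnel1
#
# One log file per progname. secpath-replace turns any "/" in the value
# into "_" so a crafted tag cannot point outside the log directory.
template(name="OvpnPerTunnel" type="string"
         string="/var/log/openvpn/%programname:::secpath-replace%.log")

# Expression-based filter: route every "ovpn-*" program to its own file,
# then stop so the entries are not duplicated into the default syslog file.
# Syslog tags are not authenticated: any local process can log under an
# "ovpn-" name. Where that matters, match exact names instead, e.g.
#   if $programname == "ovpn-tunnel1" then { ... }
if $programname startswith "ovpn-" then {
    action(type="omfile" dynaFile="OvpnPerTunnel"
           fileCreateMode="0640" dirCreateMode="0750")
    stop
}

# --- /etc/logrotate.d/openvpn (assumed file name) ---
# rsyslog owns the file handles, not OpenVPN, so the tunnels are never
# touched during rotation and copytruncate is not needed.
/var/log/openvpn/*.log {
    weekly
    rotate 8
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root adm
    sharedscripts
    postrotate
        # HUP makes rsyslog close and reopen its output files.
        systemctl kill -s HUP rsyslog.service
    endscript
}
```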

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users