If this is all true, then I would hit it by a solution that is more violent.
Why not free oneself of all conventions and let a cron script stop the OpenVPN server(s), compress the old logfile, tagging it with the timeframe name, and create a new one: cat /dev/null > /var/log/openvpn. After all this, start the OpenVPN server(s) again.

Of course, in order not to wait for those individual I/O-expensive tasks, one would move the old logfile, rename it and compress it in parallel with creating a new logfile and starting the OpenVPN server again. The OpenVPN clients should automatically reconnect after some time. This solution would also have the benefit of testing the OpenVPN clients for proper reconnecting after connection loss (which you cannot rule out anyway).

Having such a process queue, where a compressed logfile falls off at the end for a specific timeframe, say for a day (24h), would then enable you to forward it to other scripts for later processing, to filter out errors for example: someone's client certificate expired, and that error message could trigger an automated message sent to the admin to renew the certificate, or even do that right away if the user is not on a blacklist somewhere.

On Wed, 24 Apr 2019 08:49:52 +0000
Arthur Böhm <arthur.bo...@outlook.com> wrote:

> Hello guys,
>
> I'm running two openvpn servers on FreeBSD 11.2 and would like to
> have a log rotation as the messages get flooded.
>
> In the newsyslog.conf there is an entry for log rotation every
> midnight and the process gets a SIGUSR1 signal to do a "softrestart"
> as described in the openvpn man pages. This should have the effect to
> tell the openvpn service the logfile got removed/renamed, in our case
> zipped and moved.
>
> This is the line from newsyslog.conf:
>
> /var/log/openvpn 644 30 * @T00 JN /var/run/openvpn.pid 30
>
> In the openvpn.conf the logging is enabled:
>
> log /var/log/openvpn
>
>
> Here is the problem:
> As soon as the log rotation happens, a new logfile is created and the
> logging STOPS immediately. No logs in the new file.
> I tried to send the SIGUSR1 signal manually and reset the openvpn
> service, but this doesn't have any effect. When I restart the service
> in the usual manner a new file gets created and logging is fine.
>
> I read already lots of topics in the openvpn mailinglist but there
> was no clear solution to this problem.
>
> Best,
> Arthur

--
Lars Schotte
Mudroňova 13
92101 Piešťany
Slovakia
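
The stop, rotate, restart and scan procedure described in the reply above, as an added sketch that is not part of the original thread. The function names, the `LOG`, `LOG_MODE`, `STOP_CMD` and `START_CMD` variables, the `service openvpn` commands and the expired-certificate log wording are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: rc service "openvpn",
# gzip installed, invoked from root's crontab as "<script> run".
LOG="${LOG:-/var/log/openvpn}"          # path from the quoted openvpn.conf
LOG_MODE="${LOG_MODE:-644}"             # mode from the quoted newsyslog.conf
STOP_CMD="${STOP_CMD:-service openvpn stop}"
START_CMD="${START_CMD:-service openvpn start}"
ARCHIVE=""                              # set by rotate_openvpn_log

rotate_openvpn_log() {
    old="$LOG.$(date +%Y%m%d-%H%M%S)"   # timeframe tag for the archive
    gz_pid=""
    ARCHIVE=""
    $STOP_CMD || return 1
    if [ -e "$LOG" ]; then
        # Rename is cheap; if it fails, bring the VPN back before giving up.
        mv "$LOG" "$old" || { $START_CMD; return 1; }
        gzip -f "$old" &                # compress while the server restarts
        gz_pid=$!
    fi
    : > "$LOG" && chmod "$LOG_MODE" "$LOG"
    $START_CMD || return 1
    if [ -n "$gz_pid" ]; then
        wait "$gz_pid" || return 1      # archive is complete on return
        ARCHIVE="$old.gz"
    fi
}

# Print the unique CNs whose certificate was rejected as expired.
# The "VERIFY ERROR ... certificate has expired" wording is an assumed
# log pattern; check it against your own server's output.
expired_cert_cns() {
    gzip -dc "$1" |
        sed -n 's/.*VERIFY ERROR:.*certificate has expired:.*CN=\([^,]*\).*/\1/p' |
        sort -u
}

if [ "${1:-}" = "run" ]; then
    rotate_openvpn_log || exit 1
    if [ -n "$ARCHIVE" ]; then expired_cert_cns "$ARCHIVE"; fi
fi
```

Pointing `LOG` at a scratch file and setting `STOP_CMD` and `START_CMD` to `true` lets the rotation be tried without touching a running server.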