Bug#643960: Broken log rotation
On 01/10/2011 09:24, Richard Kettlewell wrote:
Package: inn2
Version: 2.5.2+20110413-1+b1
I have the following in my news.daily report:
/usr/lib/news/bin/scanlogs: line 135: /var/log/news/news.crit:
Permission denied
/usr/lib/news/bin/scanlogs: line 135: /var/log/news/news.err: Permission
denied
/usr/lib/news/bin/scanlogs: line 135: /var/log/news/news.notice:
Permission denied
The reason is that these files are owned by syslog.adm:
-rw-r--r-- 1 syslog adm 0 May 15 04:15 /var/log/news/news.crit
-rw-r--r-- 1 syslog adm 1059 Aug 20 13:20 /var/log/news/news.err
-rw-r--r-- 1 syslog adm 6399076 Oct 1 09:10 /var/log/news/news.notice
This is enforced by the syslogd package (every time it starts up).
rsyslog does not do this (yet). So for people who can accept changing
to a different syslogd, a workaround is to use that instead of sysklogd.
The way in which inn's scanlogs attempts to rotate the logs is as follows:
## Copy syslog files, truncating old inode since syslog has it open.
for F in ${SYSLOGS}; do
rm -f ${F}.old
cp ${F} ${F}.old
cat /dev/null ${F}
done
This would be broken even if the cat didn't fail due to the file
permissions - if a message is logged after the copy but before the cat
then it will be lost. Better would be to rename the file aside, create a
new one and signal syslogd to make it re-open it - except that all this
runs as news so cannot signal syslogd.
This part of the bug remains even with rsyslog.
One possible option would be a userv service to allow the news user to
send a SIGHUP to [r]syslogd.
ttfn/rjk
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#643960: Broken log rotation
Hi Russ, In the Debian package, would it be possible to use norotate as argument for news.daily (in sample inn2 crontab) and provide a logrotate entry for standard Debian logrotate program? I do not think so, since the two actions need to be coordinated. Could news.daily do its analysis on the .0 version of the logs after being rotated by logrotate? Some coordination is still needed, but not a lot. I have not thoroughly looked at the code but I do not see why news.daily/scanlogs could not use .0 versions. Yet, are we sure that logrotate will always generate these files? (If a user changes the configuration of logrotate, it could break log analysis.) Would a new rotate=program option to news.daily be usable for Debian? We could then skip the rotation part of news.daily/scanlogs and run instead program. rotate=logrotate inn2 may be used for Debian, with a proper /etc/logrotate.d/inn2 configuration file. Does it sound good? I can have a look at it, if it is usable by Debian (and probably other distributions, that have a similar logrotate program). -- Julien ÉLIE « Le travail n'est pas une bonne chose. Si ça l'était, les riches l'auraient accaparé. » -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#643960: Broken log rotation
Julien ÉLIE jul...@trigofacile.com writes: I have not thoroughly looked at the code but I do not see why news.daily/scanlogs could not use .0 versions. Yet, are we sure that logrotate will always generate these files? (If a user changes the configuration of logrotate, it could break log analysis.) Yeah, but... I think at some level we have to make some documented assumptions about log rotation and go with that. As long as there's a comment somewhere in the inn2 configuration file telling people what to do if they want to change it, I think this is okay. Would a new rotate=program option to news.daily be usable for Debian? We could then skip the rotation part of news.daily/scanlogs and run instead program. rotate=logrotate inn2 may be used for Debian, with a proper /etc/logrotate.d/inn2 configuration file. But we'd need to convince logrotate to not also run the inn2 configuration when it runs normally from cron.daily. -- Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#643960: Broken log rotation
On Oct 02, Russ Allbery r...@debian.org wrote: assumptions about log rotation and go with that. As long as there's a comment somewhere in the inn2 configuration file telling people what to do if they want to change it, I think this is okay. The problem is that somebody may change the logrotate configuration (e.g. moving it after news.daily is run) without knowing about INN. But we'd need to convince logrotate to not also run the inn2 configuration when it runs normally from cron.daily. It already ignores the news.* files. -- ciao, Marco signature.asc Description: Digital signature
Bug#643960: Broken log rotation
Hi Marco,
assumptions about log rotation and go with that. As long as there's a
comment somewhere in the inn2 configuration file telling people what to do
if they want to change it, I think this is okay.
The problem is that somebody may change the logrotate configuration
(e.g. moving it after news.daily is run) without knowing about INN.
Could news.daily be run by a postrotate section in logrotate?
We could imagine to run news.daily with the norotate keyword in this case.
But we'd need to convince logrotate to not also run the inn2 configuration
when it runs normally from cron.daily.
It already ignores the news.* files.
If I run man logrotate on Lenny (I have not checked on Squeeze), I read:
/var/log/news/news.crit {
monthly
rotate 2
olddir /var/log/news/old
missingok
postrotate
kill -HUP ‘cat /var/run/inn.pid‘
endscript
nocompress
}
I wonder why this example is given in the documentation. It will give
unwise ideas for dealing with inn2 log files at the moment.
Hopefully no default inn2 configuration is shipped by default.
--
Julien ÉLIE
« Le travail n'est pas une bonne chose. Si ça l'était, les riches
l'auraient accaparé. »
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#643960: Broken log rotation
Package: inn2
Version: 2.5.2+20110413-1+b1
I have the following in my news.daily report:
/usr/lib/news/bin/scanlogs: line 135: /var/log/news/news.crit:
Permission denied
/usr/lib/news/bin/scanlogs: line 135: /var/log/news/news.err: Permission
denied
/usr/lib/news/bin/scanlogs: line 135: /var/log/news/news.notice:
Permission denied
The reason is that these files are owned by syslog.adm:
-rw-r--r-- 1 syslog adm 0 May 15 04:15 /var/log/news/news.crit
-rw-r--r-- 1 syslog adm1059 Aug 20 13:20 /var/log/news/news.err
-rw-r--r-- 1 syslog adm 6399076 Oct 1 09:10 /var/log/news/news.notice
This is enforced by the syslogd package (every time it starts up).
The way in which inn's scanlogs attempts to rotate the logs is as follows:
## Copy syslog files, truncating old inode since syslog has it open.
for F in ${SYSLOGS}; do
rm -f ${F}.old
cp ${F} ${F}.old
cat /dev/null ${F}
done
This would be broken even if the cat didn't fail due to the file
permissions - if a message is logged after the copy but before the cat
then it will be lost. Better would be to rename the file aside, create
a new one and signal syslogd to make it re-open it - except that all
this runs as news so cannot signal syslogd.
I'm not sure what the right answer is overall. inn2 and syslogd need to
cooperate somehow to rotate the logs at the right point in a way that
doesn't lose any log messages.
ii inn2 2.5.2+20110413-1+b 'InterNetNews' news server
ii sysklogd 1.5-6.1System Logging Daemon
ttfn/rjk
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#643960: Broken log rotation
On Oct 01, Richard Kettlewell r...@greenend.org.uk wrote: -rw-r--r-- 1 syslog adm 0 May 15 04:15 /var/log/news/news.crit -rw-r--r-- 1 syslog adm1059 Aug 20 13:20 /var/log/news/news.err -rw-r--r-- 1 syslog adm 6399076 Oct 1 09:10 /var/log/news/news.notice This is enforced by the syslogd package (every time it starts up). Since when? inn has always cooperated with the standard syslogd. This would be broken even if the cat didn't fail due to the file permissions - if a message is logged after the copy but before the cat then it will be lost. Better would be to rename the file aside, create a new one and signal syslogd to make it re-open it - except that all this runs as news so cannot signal syslogd. Yes, everybody knows this. So it is not going to change soon... -- ciao, Marco signature.asc Description: Digital signature
Bug#643960: Broken log rotation
Hi Marco and Richard, This would be broken even if the cat didn't fail due to the file permissions - if a message is logged after the copy but before the cat then it will be lost. Better would be to rename the file aside, create a new one and signal syslogd to make it re-open it - except that all this runs as news so cannot signal syslogd. Yes, everybody knows this. So it is not going to change soon... In the Debian package, would it be possible to use norotate as argument for news.daily (in sample inn2 crontab) and provide a logrotate entry for standard Debian logrotate program? It would do the trick, wouldn't it? or am I missing something? Basically, scanlogs performs two kinds of actions: a few files are copied for backup purpose (like the active file) and a few files are rotated. P.-S.: If something needs being changed in scanlogs (reorganization of code or new arguments to use) so that using logrotate in Debian is eased, do not hesitate to tell. INN 2.5.3 will be released this month. -- Julien ÉLIE « – Où vous croyez-vous ici ? – Où je me trouve, je sais. » (Astérix) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#643960: Broken log rotation
On 01/10/2011 09:30, Marco d'Itri wrote: On Oct 01, Richard Kettlewellr...@greenend.org.uk wrote: -rw-r--r-- 1 syslog adm 0 May 15 04:15 /var/log/news/news.crit -rw-r--r-- 1 syslog adm1059 Aug 20 13:20 /var/log/news/news.err -rw-r--r-- 1 syslog adm 6399076 Oct 1 09:10 /var/log/news/news.notice This is enforced by the syslogd package (every time it starts up). Since when? It's the behavior of the sysklogd package in sid. I assume it was introduced in 1.5-6.1 but I don't know for sure. ttfn/rjk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#643960: Broken log rotation
On Oct 01, Julien ÉLIE jul...@trigofacile.com wrote: In the Debian package, would it be possible to use norotate as argument for news.daily (in sample inn2 crontab) and provide a logrotate entry for standard Debian logrotate program? I do not think so, since the two actions need to be coordinated. I see a suid wrapper as a more plausible solution (and it is not much of one...). -- ciao, Marco signature.asc Description: Digital signature
Bug#643960: Broken log rotation
m...@linux.it (Marco d'Itri) writes: On Oct 01, Julien ÉLIE jul...@trigofacile.com wrote: In the Debian package, would it be possible to use norotate as argument for news.daily (in sample inn2 crontab) and provide a logrotate entry for standard Debian logrotate program? I do not think so, since the two actions need to be coordinated. Could news.daily do its analysis on the .0 version of the logs after being rotated by logrotate? Some coordination is still needed, but not a lot. -- Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
