Log rotation / newsyslog / apache not reloaded

[Zbigniew Szalbot]

Hello,

I have the following lines in my /etc/newsyslog.conf

/var/log/*-access.log   644  30*@T00  JCG
/var/log/*-error.log644  30*@T00  JCG

Man newsyslog.conf says:  
If this field (signal_number) is not present, then a SIGHUP signal 
will be sent.

My problem is that while the apache logs are rotated as specified in 
the newsyslog.conf file, the apache server is not reloaded which 
causes it to write log entries to the now compressed files.

Which flag should I specify to make sure apache is reloaded during 
log rotation? Thank you very much in advance!

Zbigniew Szalbot

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Log rotation / newsyslog / apache not reloaded

[Zbigniew Szalbot]

On 15 Apr 2010 at 8:30, Zbigniew Szalbot wrote:

 Hello,
 
 I have the following lines in my /etc/newsyslog.conf
 
 /var/log/*-access.log   644  30*@T00  JCG
 /var/log/*-error.log644  30*@T00  JCG

I added /var/run/httpd.pid at the end of both lines and will see if 
that helps.

Zbigniew Szalbot

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Log rotation / newsyslog / apache not reloaded

[Morgan Wesström]

On 2010-04-15 12:08, Zbigniew Szalbot wrote:
 On 15 Apr 2010 at 8:30, Zbigniew Szalbot wrote:
 
 Hello,

 I have the following lines in my /etc/newsyslog.conf

 /var/log/*-access.log   644  30*@T00  JCG
 /var/log/*-error.log644  30*@T00  JCG
 
 I added /var/run/httpd.pid at the end of both lines and will see if 
 that helps.
 
 Zbigniew Szalbot
 

Alternatively you can use sysutils/cronolog which will eliminate the
need to restart Apache entirely. Apache's configuration file allows you
to pipe your logs to sysutils/cronolog (or any other external program)
which in turn can be configured to split the logs almost any way you
like. This is very convenient, especially if you run many vhosts which
normally will turn nywsyslog.conf into a mess. The man page explains it
in detail.
http://cronolog.org/download/cronolog.pdf

Regards
Morgan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Log rotation / newsyslog / apache not reloaded

[Matthew Seaman]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 15/04/2010 11:08:14, Zbigniew Szalbot wrote:
 On 15 Apr 2010 at 8:30, Zbigniew Szalbot wrote:
 
 Hello,

 I have the following lines in my /etc/newsyslog.conf

 /var/log/*-access.log   644  30*@T00  JCG
 /var/log/*-error.log644  30*@T00  JCG
 
 I added /var/run/httpd.pid at the end of both lines and will see if 
 that helps.

I use this:

/var/log/httpd-access.log 644 3 100 * J /var/run/httpd.pid 30
/var/log/httpd-error.log  644 3 100 * J /var/run/httpd.pid 30

Signal 30 (SIGUSR1) causes Apache to do a graceful restart which is less
disruptive for anyone using the web site, but it can result in a few log
records being lost during the restart.  If you're going to be running a
busy website, then it's better to use rotatelogs(1) (comes with apache)
or cronolog(1) (in ports) to cycle the log files.  Neither of those
handles compressing or deleteing old log files, but a trivial cron job
will deal with that.

Cheers,

Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvG6vkACgkQ8Mjk52CukIw4UgCfaMG9vpDTeMAvhCQ+MaBlgTEh
EbMAmgOI246i1nFgb7EuM6qVBbXqGVC8
=Tama
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

apache halting during log rotation

[Robin Becker]

I have the following in my newsyslog.conf



/var/log/httpd-*.log644  9 8@T01BG /var/run/httpd.pid 30


and am seeing crashes with apache-2.0.63_2 which I think are associated.

The relevant error log entries appear to be these lines


[Thu Apr 02 01:00:00 2009] [notice] Graceful restart requested, doing restart
[Thu Apr 02 01:00:00 2009] [emerg] (2)No such file or directory: Couldn't 
initialize cross-process lock in child
[Thu Apr 02 01:00:00 2009] [emerg] (2)No such file or directory: Couldn't 
initialize cross-process lock in child
[Thu Apr 02 01:00:00 2009] [notice] FastCGI: process manager initialized (pid 
93707)
[Thu Apr 02 01:00:01 2009] [warn] RSA server certificate CommonName (CN) 
`*.xxx.org' does NOT match server name!?
[Thu Apr 02 01:00:01 2009] [warn] RSA server certificate CommonName (CN) 
`*.xxx.org' does NOT match server name!?

...

[Thu Apr 02 01:00:01 2009] [warn] RSA server certificate wildcard CommonName 
(CN) `*.xxx.org' does NOT match server name!?
[Thu Apr 02 01:00:01 2009] [notice] Apache/2.0.63 (FreeBSD) mod_fastcgi/2.4.6 
mod_ssl/2.0.63 OpenSSL/0.9.8e configured -- resuming normal operations
[Thu Apr 02 01:00:01 2009] [alert] Child 93701 returned a Fatal error... Apache 
is exiting!
[Thu Apr 02 01:00:01 2009] [alert] FastCGI: read() from pipe failed (0)
[Thu Apr 02 01:00:01 2009] [alert] FastCGI: the PM is shutting down, Apache 
seems to have disappeared - bye


I have used this rotation scheme with 6.0/6.1/6.2 for some years and it has 
never failed till the last few days when I'm now running 7.0-RELEASE. Can anyone 
adivise what could be done to ameliorate this.


I see mention of rotatelogs, is that a better solution to this problem?
--
Robin Becker
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: [squid-users] log rotation

[Zbigniew Szalbot]

Hello,

On Wed, 25 Jul 2007 18:50:27 +0545, Tek Bahadur Limbu
[EMAIL PROTECTED] wrote:
 Zbigniew Szalbot wrote:
 Hello,

 I have looked at wiki but cannot find information about log rotation
 (access  store logs).

 How can I do this? Or is it simply a matter of defining log rotation in
 newsyslog.conf (I am on a FreeBSD system)?
 
 Hi Zbigniew,
 
 Go to:
 
 (1.) cd  /usr/ports/sysutils/logrotate
 
 (2.) make install clean
 
 (3.) cd /usr/local/etc
 
 (4.) vi /usr/local/etc/logrotate.conf
 
 Put the following in logrotate.conf

Thank you very much indeed! But I managed in a (I think simpler way by
adding 
/usr/local/squid/logs/access.logsquid:squid 644  7   *   @T00  
J   /usr/local/squid/logs/squid.pid  30
to newsyslog.conf

But I appreciate such a thorough description!

Warm regards,

Zbigniew Szalbot

 
 # Start of logrotate.conf ###
 
 # rotate log files weekly
 #weekly
 daily
 
 # keep 4 weeks worth of backlogs
 rotate 7
 
 # send errors to root
 #errors root
 
 # create new (empty) log files after rotating old ones
 create
 
 # uncomment this if you want your log files compressed
 compress
 
 # RPM packages drop log rotation information into this directory
 include /usr/local/etc/logrotate.d
 
 /var/log/lastlog {
  monthly
  rotate 12
 }
 
  End of logrotate.conf ##
 
 (5.) mkdir -p /usr/local/etc/logrotate.d/
 
 (6.) cd /usr/local/etc/logrotate.d/
 
 (7.) vi /usr/local/etc/logrotate.d/squid
 
 Put the following:
 
 ###Start of squid#
 
 /var/log/squid/access.log {
  daily
  rotate 90
  copytruncate
  compress
  notifempty
  missingok
 }
 /var/log/squid/cache.log {
  daily
  rotate 7
  copytruncate
  compress
  notifempty
  missingok
 }
 
 
 (8.)  /usr/local/sbin/logrotate -d /usr/local/etc/logrotate.conf
 
 (9.)  /usr/local/sbin/logrotate -f /usr/local/etc/logrotate.conf
 
 If some errors are reported, it's normal, just create or touch the
 relevant files or directories.
 
 (10.) vi /etc/crontab
 
 Put the following:
 
 0 1 * * *   root/usr/local/sbin/logrotate
 /usr/local/etc/logrotate.conf  /dev/null 21
 
 
 (11.) If all works well, you are good to go!!!
 
 
 Of course, the other simple way of doing this is to run:
 
 squid -k rotate
 
 from /etc/crontab
 
 0  1 * * * root squid -k rotate
 
 Thanking you...
 
 

 Thank you!

 
 
 --
 
 With best regards and good wishes,
 
 Yours sincerely,
 
 Tek Bahadur Limbu
 
 (TAG/TDG Group)
 Jwl Systems Department
 
 Worldlink Communications Pvt. Ltd.
 
 Jawalakhel, Nepal
 
 http://www.wlink.com.np
-- 
Zbigniew Szalbot

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

log rotation recommendations

[Jeffrey Goldberg]

Hello,

Having recently moved from Linux (SuSE) to FreeBSD (6.2-p3) I'm  
wondering what the recommended way of rotating logs (principally  
postfix and apache).  I see that logrotate, with which I'm familiar,  
is in ports.  I also see that there is a file /etc/newsyslog.conf,  
but it looks like newsyslog(8) only knows about HUPping syslogd.


If there is no conventional BSD way of doing this, I'll just  
install logrotate and go with what I know, but I thought I would  
check here first.


Thanks,

-j


--
Jeffrey Goldberghttp://www.goldmark.org/jeff/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: log rotation recommendations

[Matthew Seaman]

Jeffrey Goldberg wrote:

 Having recently moved from Linux (SuSE) to FreeBSD (6.2-p3) I'm
 wondering what the recommended way of rotating logs (principally postfix
 and apache).  I see that logrotate, with which I'm familiar, is in
 ports.  I also see that there is a file /etc/newsyslog.conf, but it
 looks like newsyslog(8) only knows about HUPping syslogd.

Not so.  The optional 7th field in /etc/newsyslog.conf can contain a
file name to read a PID out of: that PID will be signalled when the
log is rotated. The optional 8th column can contain the signal number
to use -- by default SIGHUP is sent.  The newsyslog.conf(5) man page
explains all this in great detail.

Certainly for apache, you might alternatively consider the use of
rotatelogs(8) (comes with apache) or cronolog(8) (in ports as
sysutils/cronolog).  Or, indeed, logrotate if that's what you prefer.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW



signature.asc
Description: OpenPGP digital signature

Re: log rotation recommendations

[Lars Kristiansen]

Matthew Seaman skrev:

Jeffrey Goldberg wrote:


Having recently moved from Linux (SuSE) to FreeBSD (6.2-p3) I'm
wondering what the recommended way of rotating logs (principally postfix
and apache).  I see that logrotate, with which I'm familiar, is in
ports.  I also see that there is a file /etc/newsyslog.conf, but it
looks like newsyslog(8) only knows about HUPping syslogd.


Not so.  The optional 7th field in /etc/newsyslog.conf can contain a
file name to read a PID out of: that PID will be signalled when the
log is rotated. The optional 8th column can contain the signal number
to use -- by default SIGHUP is sent.  The newsyslog.conf(5) man page
explains all this in great detail.

Certainly for apache, you might alternatively consider the use of
rotatelogs(8) (comes with apache) or cronolog(8) (in ports as
sysutils/cronolog).  Or, indeed, logrotate if that's what you prefer.


It is also possible to put a call for newsyslog within a script.
Then you can do your preferred preprocessing,
call newsyslog with a specialized config for the event,
which should take care of HUPing the application,
and then do postprocessing like moving files to folders,
renaming to include the date or whatever.

Regards,
Lars


Cheers,

Matthew



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: log rotation recommendations

[Roger Olofsson]

Hello Jeffrey,

I am not familiar with logrotate but my newsyslog.conf rotates whatever 
I want just fine. As an example I have this for a small almost unused 
apache:


/var/log/httpd-access.log   644  7 1000 24B 
/var/run/httpd.pid 30
/var/log/httpd-error.log644  7 1000 24B 
/var/run/httpd.pid 30


You might want to adjust size settings etc and this can be found in the 
man page for newsyslog.conf.


Good luck!



Jeffrey Goldberg skrev:

Hello,

Having recently moved from Linux (SuSE) to FreeBSD (6.2-p3) I'm 
wondering what the recommended way of rotating logs (principally postfix 
and apache).  I see that logrotate, with which I'm familiar, is in 
ports.  I also see that there is a file /etc/newsyslog.conf, but it 
looks like newsyslog(8) only knows about HUPping syslogd.


If there is no conventional BSD way of doing this, I'll just install 
logrotate and go with what I know, but I thought I would check here first.


Thanks,

-j


--Jeffrey Goldberghttp://www.goldmark.org/jeff/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
[EMAIL PROTECTED]



--No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.17/731 - Release Date: 
2007-03-23 15:27




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: Apache log rotation question...

[Brown, Steve]

I am using cronolog to handle the logging end of apache.  Cronolog basically 
takes care of the logging for apache, allowing you much more flexibility with 
the logging options.  

Assuming..
1. You have cronolog installed
2. /path/to/your/logs/vhost1/ is a valid path

A sample Apache config line would read (main or virtual host context):

   ErrorLog |cronolog /path/to/your/logs/vhost1/%Y%m%d_error.log
   CustomLog |cronolog /path/to/your/logs/vhost1/%Y%m%d_access.log combined

I this example, you will generate logs with the names 20061108_error.log and 
20061108_access.log respectively and each day (midnight server time) cronolog 
will auto-gen new ones as soon as apache sends it something to log.  Using this 
method, cronolog is doing the logging for Apache specifically the way when 
where and how you want it negating the need for further scripting and 
manipulating of the logs afterward.

Hope that helps.
Steve

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Philip
Hallstrom
Sent: Friday, November 03, 2006 3:21 PM
To: Curtis Jewell
Cc: [EMAIL PROTECTED]
Subject: Re: Apache log rotation question...


 I'm wondering if I can safely use newsyslog with a newsyslog.conf with these 
 lines in it:

I don't know the answer to your question, but you might look at 
cronolog...

http://www.freebsd.org/cgi/url.cgi?ports/sysutils/cronolog/pkg-descr




 /var/log/httpd/access_log/*644  1 *$W0D0 G
 /var/log/httpd/error_log/* 644  1 *$W0D0 G
 /var/log/httpd/ssl_request.log 644  1 *$W0D0
 /var/log/httpd/error.log   644  1 *$W0D0
 # After this point should be one line...
 /var/log/httpd/access.log  644  1 *$W0D0 - 
 /var/run/httpd.pid 30

 or if not, what should I do instead?

 (I have 4 separate vhosts that keep their access logs in the first 2 
 directories)

 For the record, I want weekly rotation on Sundays at midnight (I assume JST, 
 since I have my time set to local time, which is JST [GMT+9, no DST]), 
 keeping 1 log, (the way I read the fine manuals, I'll have to have a cron job 
 bzip2 it up later and move it aside if I want to keep more and/or compress 
 them) permissions 644 with the owner being root:wheel, no size check, and the 
 last part of the last line should send a SIGUSR1 (30) signal to Apache, which 
 should do the equivalent of a 'apachectl -k graceful' per 
 http://httpd.apache.org/docs/2.2/stopping.html.

 My question really is, does newsyslog send the signal at the right time 
 [after the rotation is done, per 
 http://httpd.apache.org/docs/2.2/logs.html#rotation] and does it do the lines 
 in order???)

 - --Curtis

 - -- Curtis Jewell
 [EMAIL PROTECTED]

 Killed enough? ... Yes, Your Highness, I think we all have.
  --John Patrick Ryan (from 'The Sum Of All Fears', Tom Clancy)

 [I use Pine, which deliberately does not display colors and pictures
 in HTML mail]
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.5 (FreeBSD)

 iD8DBQFFS6ByvCi+150VKIMRAs6PAKDOOvnARxXKUTY5dvNrob3gl9+aZACdG+P+
 Uz0GrVe1p5MNuRPwiTbBXxY=
 =lTB2
 -END PGP SIGNATURE-
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to [EMAIL PROTECTED]

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Apache log rotation question...

[Curtis Jewell]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


I'm wondering if I can safely use newsyslog with a newsyslog.conf with 
these lines in it:


/var/log/httpd/access_log/*644  1 *$W0D0 G
/var/log/httpd/error_log/* 644  1 *$W0D0 G
/var/log/httpd/ssl_request.log 644  1 *$W0D0
/var/log/httpd/error.log   644  1 *$W0D0
# After this point should be one line...
/var/log/httpd/access.log  644  1 *$W0D0 - 
/var/run/httpd.pid 30

or if not, what should I do instead?

(I have 4 separate vhosts that keep their access logs in the first 2 
directories)


For the record, I want weekly rotation on Sundays at midnight (I assume 
JST, since I have my time set to local time, which is JST [GMT+9, no 
DST]), keeping 1 log, (the way I read the fine manuals, I'll have to have 
a cron job bzip2 it up later and move it aside if I want to keep more 
and/or compress them) permissions 644 with the owner being root:wheel, no 
size check, and the last part of the last line should send a SIGUSR1 (30) 
signal to Apache, which should do the equivalent of a 'apachectl -k 
graceful' per http://httpd.apache.org/docs/2.2/stopping.html.


My question really is, does newsyslog send the signal at the right time 
[after the rotation is done, per 
http://httpd.apache.org/docs/2.2/logs.html#rotation] and does it do the 
lines in order???)


- --Curtis

- -- 
Curtis Jewell

[EMAIL PROTECTED]

Killed enough? ... Yes, Your Highness, I think we all have.
  --John Patrick Ryan (from 'The Sum Of All Fears', Tom Clancy)

[I use Pine, which deliberately does not display colors and pictures
in HTML mail]
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFFS6ByvCi+150VKIMRAs6PAKDOOvnARxXKUTY5dvNrob3gl9+aZACdG+P+
Uz0GrVe1p5MNuRPwiTbBXxY=
=lTB2
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Apache log rotation question...

[Philip Hallstrom]

I'm wondering if I can safely use newsyslog with a newsyslog.conf with these 
lines in it:


I don't know the answer to your question, but you might look at 
cronolog...


http://www.freebsd.org/cgi/url.cgi?ports/sysutils/cronolog/pkg-descr





/var/log/httpd/access_log/*644  1 *$W0D0 G
/var/log/httpd/error_log/* 644  1 *$W0D0 G
/var/log/httpd/ssl_request.log 644  1 *$W0D0
/var/log/httpd/error.log   644  1 *$W0D0
# After this point should be one line...
/var/log/httpd/access.log  644  1 *$W0D0 - 
/var/run/httpd.pid 30


or if not, what should I do instead?

(I have 4 separate vhosts that keep their access logs in the first 2 
directories)


For the record, I want weekly rotation on Sundays at midnight (I assume JST, 
since I have my time set to local time, which is JST [GMT+9, no DST]), 
keeping 1 log, (the way I read the fine manuals, I'll have to have a cron job 
bzip2 it up later and move it aside if I want to keep more and/or compress 
them) permissions 644 with the owner being root:wheel, no size check, and the 
last part of the last line should send a SIGUSR1 (30) signal to Apache, which 
should do the equivalent of a 'apachectl -k graceful' per 
http://httpd.apache.org/docs/2.2/stopping.html.


My question really is, does newsyslog send the signal at the right time 
[after the rotation is done, per 
http://httpd.apache.org/docs/2.2/logs.html#rotation] and does it do the lines 
in order???)


- --Curtis

- -- Curtis Jewell
[EMAIL PROTECTED]

Killed enough? ... Yes, Your Highness, I think we all have.
 --John Patrick Ryan (from 'The Sum Of All Fears', Tom Clancy)

[I use Pine, which deliberately does not display colors and pictures
in HTML mail]
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFFS6ByvCi+150VKIMRAs6PAKDOOvnARxXKUTY5dvNrob3gl9+aZACdG+P+
Uz0GrVe1p5MNuRPwiTbBXxY=
=lTB2
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Apache log rotation question...

[Garance A Drosehn]

At 5:02 AM +0900 11/4/06, Curtis Jewell wrote:


My question really is, does newsyslog send the signal at the right
time [after the rotation is done, per
  http://httpd.apache.org/docs/2.2/logs.html#rotation ]
and does it do the lines in order???)


You can see what it will do by running newsyslog with the options
of `-nv' to see what it would do, without it doing anything.
Eg:
 newsyslog -nvvf /tmp/newsyslog.conf

In your case you'd first want to use a different time in the entries
you've added, just so the time to rotate is this hour (ie, whatever
hour it is that you're running the program...).  So, do that, and
then run:
 newsyslog -nvf /tmp/newsyslog.conf

You'll see that it first rotates all files that should be rotated
for this run, then sends all signals it is supposed to send, then
waits 10 seconds or so, and finally it compresses any of the
old-files that it should compress.

If you have a set of files which are all written to by a single
process, then you should add the '/var/run/httpd.pid' to the
newsyslog entry for *every* file that process writes to.  The
way newsyslog handles things, it will only send a single signal
to any given process id, even if several different files from
that process were rotated.  Since all files have been rotated
before the process is signalled, the process will only need to
be signalled one time.

Try the run with '-nv' to see exactly how it would work.

--
Garance Alistair Drosehn =   [EMAIL PROTECTED]
Senior Systems Programmer   or   [EMAIL PROTECTED]
Rensselaer Polytechnic Institute; Troy, NY;  USA
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: log rotation, one process doesn't know about it

[Zbigniew Szalbot]

Hello,

On Sat, 21 Oct 2006, Zbigniew Szalbot wrote:


Do one of the following:
1) Configure both exim and dovecot to log through syslog with the same
  facility.  Then configure syslogd to put that facility in the file
  you want.


What I had to do to make it work was to remove
log_path = /var/log/exim/mainlog
from Dovecot configuration file leaving 
syslog_facility = mail intact.


Now Dovecot and exim happily write to /var/log/exim/mainlog

Thank you for your suggestions!

--
Zbigniew Szalbot
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

log rotation, one process doesn't know about it

[Zbigniew Szalbot]

Hello,

I have set up dovecot to log its data to the same log as exim does. This 
works fine till midnight when it comes to log rotation. Then exim still 
logs to its log but dovecot ignores it.


Now, I have done the homework, found that there is newsyslog.conf and read 
about flags. And I have the following entry in this file:


/var/log/exim/mainlog   mailnull:mail   640  60*@T00  ZC

I used to have a flag ZN but I read that the N flag actually makes syslogd 
ignore to inform other processes about a new file being rotated.


So I removed it and left only Z, restarted syslogd, but no joy after 
midnight. I then added C out of sheer dispair but dovecot still ignores 
the new log after midnight.


Could anyone suggest what I should do in order to make this work as 
intended?


Many thanks in advance!

--
Zbigniew Szalbot
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: log rotation, one process doesn't know about it

[Bill Moran]

On Sat, 21 Oct 2006 09:33:34 +0200 (CEST)
Zbigniew Szalbot [EMAIL PROTECTED] wrote:

 Hello,
 
 I have set up dovecot to log its data to the same log as exim does. This 
 works fine till midnight when it comes to log rotation. Then exim still 
 logs to its log but dovecot ignores it.
 
 Now, I have done the homework, found that there is newsyslog.conf and read 
 about flags. And I have the following entry in this file:
 
 /var/log/exim/mainlog   mailnull:mail   640  60*@T00  ZC
 
 I used to have a flag ZN but I read that the N flag actually makes syslogd 
 ignore to inform other processes about a new file being rotated.
 
 So I removed it and left only Z, restarted syslogd, but no joy after 
 midnight. I then added C out of sheer dispair but dovecot still ignores 
 the new log after midnight.
 
 Could anyone suggest what I should do in order to make this work as 
 intended?

Do one of the following:
1) Configure both exim and dovecot to log through syslog with the same
   facility.  Then configure syslogd to put that facility in the file
   you want.
2) Put exim and dovecot log data in seperate files and configure
   newsyslog to rotate both of those files.  If dovecot needs restarted
   in order to handle log rotation, be sure to put dovecot's PID file in
   the last column.

Personally, I do #1 -- all my mail programs log to /var/log/maillog, but
either will work.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: log rotation, one process doesn't know about it

[Zbigniew Szalbot]

Hello,

On Sat, 21 Oct 2006, Bill Moran wrote:


Do one of the following:
1) Configure both exim and dovecot to log through syslog with the same
  facility.  Then configure syslogd to put that facility in the file
  you want.


As FBSD is still new to me, I am trying to understand what it would 
involve. Exim is configured to log to /var/log/exim/mainlog. In the 
newsyslog.conf I have


/var/log/exim/mainlog mailnull:mail 640 60 * @T00 ZC

Does it mean exim uses syslogd? It is not obvious to me. If it does, how 
can I do the same with dovecot? In dovecot.conf I have the path pointing 
to /var/log/exim/mainlog. If I want to use syslogd, do I have to write to 
/var/log/maillog?


I want to get it right using the first solution. Thank you very much 
for your patience with me!



--
Zbigniew Szalbot
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: log rotation, one process doesn't know about it

[Bill Moran]

In response to Zbigniew Szalbot [EMAIL PROTECTED]:

 Hello,
 
 On Sat, 21 Oct 2006, Bill Moran wrote:
 
  Do one of the following:
  1) Configure both exim and dovecot to log through syslog with the same
facility.  Then configure syslogd to put that facility in the file
you want.
 
 As FBSD is still new to me, I am trying to understand what it would 
 involve. Exim is configured to log to /var/log/exim/mainlog. In the 
 newsyslog.conf I have
 
 /var/log/exim/mainlog mailnull:mail 640 60 * @T00 ZC
 
 Does it mean exim uses syslogd? It is not obvious to me. If it does, how 
 can I do the same with dovecot? In dovecot.conf I have the path pointing 
 to /var/log/exim/mainlog. If I want to use syslogd, do I have to write to 
 /var/log/maillog?
 
 I want to get it right using the first solution. Thank you very much 
 for your patience with me!

You're asking all the wrong questions.  Take a step back and do a little
reading, it's not really hard once you know what order to go in.

First, read the man pages for syslogd and syslog.conf.  The high-level
explanation is that syslogd accepts messages from many places and handles
them according to its configuration.  syslogd and newsyslog are two
different programs, despite the similarities in their names, they are
independent.

Next, research the program logger, which is a simple tool to send messages
to syslogd.  Experiment a bit to get a feel for how messages are being
handled, and gain an understanding of facilities and levels.

From there, both Dovecot and Exim will both have configuration parameters
to tell them _how_ to log.  Looking at my Dovecot config, I didn't have
to change anything to have it log to syslogd with facility mail.  I don't
use Exim, so I can't speak to the details of its config.

If you have specific questions, post to the list.

-- 
Bill Moran
Collaborative Fusion Inc.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Apache log rotation

[Olivier Nicole]

Hi,

If one install Apache from the ports, the logs go in /var/log, namely
in:

ssl_request_log
httpd-access.log
ssl_engine_log
httpd-error.log

Is there a clean way to rotate these logs a la newsyslog?

I know I can use newsyslog to rotate them, but then how to notify
Apache to use the new log files? I don't expect a signal HUP sent to
httpd would be enough.

Best regards,

Olivier


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Apache log rotation

[Jonathan Chen]

On Wed, Oct 19, 2005 at 03:54:15PM +0700, Olivier Nicole wrote:

[...]
 Is there a clean way to rotate these logs a la newsyslog?
 
 I know I can use newsyslog to rotate them, but then how to notify
 Apache to use the new log files? I don't expect a signal HUP sent to
 httpd would be enough.

It is. All you need to make sure that only the last line has the HUP
to the httpd, as newsyslog works from top to bottom. eg:

/var/log/apache/httpd-access.log644  12*$M1D0 BN
/var/log/apache/httpd-error.log 644  12*$M1D0 B   /var/run/httpd.pid

Cheers.
-- 
Jonathan Chen [EMAIL PROTECTED]
--
   Lots of folks confuse bad management with destiny
 - Kin Hubbard
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Apache log rotation

[Rob Pitt]

Sending HUP is fine.

Olivier Nicole wrote:


Hi,

If one install Apache from the ports, the logs go in /var/log, namely
in:

ssl_request_log
httpd-access.log
ssl_engine_log
httpd-error.log

Is there a clean way to rotate these logs a la newsyslog?

I know I can use newsyslog to rotate them, but then how to notify
Apache to use the new log files? I don't expect a signal HUP sent to
httpd would be enough.

Best regards,

Olivier


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
 



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Apache log rotation

[Nicolas Blais]

On October 19, 2005 04:54 am, Olivier Nicole wrote:
 Hi,

 If one install Apache from the ports, the logs go in /var/log, namely
 in:

 ssl_request_log
 httpd-access.log
 ssl_engine_log
 httpd-error.log

 Is there a clean way to rotate these logs a la newsyslog?

 I know I can use newsyslog to rotate them, but then how to notify
 Apache to use the new log files? I don't expect a signal HUP sent to
 httpd would be enough.

 Best regards,

 Olivier


I use ports/sysutils/cronolog/ which does a great job transparently.

Nicolas.
-- 
FreeBSD 7.0-CURRENT #0: Sat Oct 15 12:09:14 EDT 2005 
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/CLK01A 
PGP? : http://www.clkroot.net/security/nb_root.asc


pgpHDhINjG4hf.pgp
Description: PGP signature

Re: Apache log rotation

[Garance A Drosehn]

At 10:00 PM +1300 10/19/05, Jonathan Chen wrote:

On Wed, Oct 19, 2005 at 03:54:15PM +0700, Olivier Nicole wrote:

[...]

 Is there a clean way to rotate these logs a la newsyslog?

 I know I can use newsyslog to rotate them, but then how to notify
 Apache to use the new log files? I don't expect a signal HUP sent to
 httpd would be enough.


It is. All you need to make sure that only the last line has the HUP
to the httpd, as newsyslog works from top to bottom. eg:

/var/log/apache/httpd-access.log644  12*$M1D0 BN
/var/log/apache/httpd-error.log 644  12*$M1D0 B 
/var/run/httpd.pid


*ALL* lines should include the HUP request.  In the above example
you are rotating at an explicit time, but many people also depend
on the size of the file.  If they do depend on the size of the
file, then the above trick will not always work.

It used to be that you had to do some trick like the above to avoid
sending multiple HUP's to the process.  I changed that so that the
same process can be specified on many log files, and newsyslog will
first rotate all files which need rotating, and then send a single
signal to the process.  So now there is no problem caused by
specifying the same process on multiple entries in newsyslog.conf .

--
Garance Alistair Drosehn =  [EMAIL PROTECTED]
Senior Systems Programmer   or   [EMAIL PROTECTED]
Rensselaer Polytechnic Institute; Troy, NY;  USA
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Apache Log Rotation Statistics

[Gadi Golan]

Hi,
What I am looking for here is some advice on what will be the best
ways to acomplish what I have in mind.  What I hope to acomplish
follows, so any thoughts on how to do it, or if it is complex or
impossible would be very helpful.

I have Apache 2.x running with a collection of virtual hosts, each
logging to their own access.log file.  I want to offer log statistics
to all of my virtual hosts on an individual basis.  I want them to be
able to go to say log.theirdomain.com or www.theirdomain.com/log and
be able to view the statistics for their site from day x, week y,
month z, year k, whatever.  Ideally these logs will be stored
compressed and in a directory specific to their virtual domain.

I am sorry if I am not explaining this 100%, please feel free to ask
me to clarify myself.

Thanks much,

Gadi Golan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Apache Log Rotation Statistics

[Colin J. Raven]

On Jan 12 at 18:03, Gadi Golan wondered aloud:


 I have Apache 2.x running with a collection of virtual hosts, each
 logging to their own access.log file.  I want to offer log statistics
 to all of my virtual hosts on an individual basis.  I want them to be
 able to go to say log.theirdomain.com or www.theirdomain.com/log and
 be able to view the statistics for their site from day x, week y,
 month z, year k, whatever.  Ideally these logs will be stored
 compressed and in a directory specific to their virtual domain.

Well, just some thoughts straight out of the box:

Since you have individual logs for each virtual site, logrotate should 
do much of what you're aiming for I believe.
If you don't already have it installed it's in; 
/usr/ports/sysutils/logrotate

There's a ton of highly useful stuff in the logrotate man pages, 
although I use few of the possibilities myself, and really when I think 
about it, ought to use more. Here's something that is apropos of your 
situation: (from man logrotate)

The file you're immediately concerned with in the beginning BTW is:
/etc/logrotate.conf

CONFIGURATION FILE
logrotate  reads  everything  about the log files it should be 
handling from the series of configuration files specified on the 
command  line.
Each configuration file can set global options (local definitions 
over-ride global ones, and later  definitions  override  earlier 
ones)  and specify  a  logfile  to  rotate. A simple configuration file 
looks like this:

# sample logrotate configuration file
compress

/var/log/messages {
rotate 5
weekly
postrotate
  /sbin/killall -HUP syslogd
endscript
}

/var/log/httpd/access.log /var/log/httpd/error.log {
rotate 5
mail [EMAIL PROTECTED]
size=100k
sharedscripts
postrotate
  /sbin/killall -HUP httpd
endscript
}

/var/log/news/news.crit {
monthly
rotate 2
olddir /var/log/news/old
missingok
postrotate
  kill -HUP `cat /var/run/inn.pid`
endscript
nocompress

As you can see, there is much which you can use here. Logrotate is a 
powerful utility and may be perfect for your purposes.

Good luck  HTH,
-Colin
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Apache Log Rotation Statistics

[Eric F Crist]

On Jan 12, 2005, at 5:03 PM, Gadi Golan wrote:
Hi,
What I am looking for here is some advice on what will be the best
ways to acomplish what I have in mind.  What I hope to acomplish
follows, so any thoughts on how to do it, or if it is complex or
impossible would be very helpful.
I have Apache 2.x running with a collection of virtual hosts, each
logging to their own access.log file.  I want to offer log statistics
to all of my virtual hosts on an individual basis.  I want them to be
able to go to say log.theirdomain.com or www.theirdomain.com/log and
be able to view the statistics for their site from day x, week y,
month z, year k, whatever.  Ideally these logs will be stored
compressed and in a directory specific to their virtual domain.
I am sorry if I am not explaining this 100%, please feel free to ask
me to clarify myself.
Thanks much,
Gadi Golan
I would recommend webalizer in the ports.  If you read through the 
documentation, you specify the logfile and destination of each run, so 
you could have multiple configurations and cron jobs to compute the 
stats for you.

Let me know if you have any more questions.  IIRC, you can see an 
example at www.webalizer.org.

HTH
___
Eric F Crist  I am so smart, S.M.R.T!
Secure Computing Networks  -Homer J Simpson


PGP.sig
Description: This is a digitally signed message part

Re: Apache log rotation problems

[Brian Clapper]

On 8 July, 2004, at 22:46 (-0400)
Bill Moran [EMAIL PROTECTED] wrote:

 Graham North [EMAIL PROTECTED] wrote:

  Hello all:
 
  There has to be a simple fix to this problem - I am using newsyslog and cron
  to rotate my Apache logfiles.They get rotated and Apache keeps working
  however after a log rotation takes place Apache will not longer log my
  accesses.   It does continue to serve pages but I need to do an apachectl
  restart in order for it to continue logging properly.
 
  newsyslog.conf and crontab files are attached for reference.

 You need to restart apache to get it to start logging to a new file.  Luckily,
 newsyslog can do this for you.

 With the default Apache install, Apache will log its PID to a file when it
 starts, just add this filename (/var/run/httpd.pid) to the end of each
 newsyslog entry that rotates an apache file, and newsyslog will automatically
 send a HUP signal to that PID when the log file is rotated

 See the man pages for newsyslog for more detailed info.

Another option is to use the sysutils/cronolog port. Configure it in
httpd.conf, with ErrorLog and CustomLog directives similar to the
following:


ErrorLog |/usr/local/sbin/cronolog --symlink=/var/log/httpd/error_log 
/var/log/httpd/error_log_%y%m%d

CustomLog |/usr/local/sbin/cronolog --symlink=/var/log/httpd/access_log 
/var/log/httpd/access_log_%y%m%d combined


cronolog will rotate logs automatically each day. From the cronlog man page:

   Before writing a message cronolog checks the time to  see  whether  the
   current  log file is still valid and if not it closes the current file,
   expands the template using the current date and time to generate a  new
   file name, opens the new file (creating missing directories on the path
   of the new log file as needed  unless  the  program  is  compiled  with
   -DDONT_CREATE_SUBDIRS)  and  calculates  the time at which the new file
   will become invalid.

See the man page for further details.

I've been using it for awhile on my public web server. Seems to work just fine.

-Brian

Brian Clapper, http://www.clapper.org/bmc/
Scott's first Law: No matter what goes wrong, it will probably look right.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Apache log rotation problems

[Bill Moran]

Graham North [EMAIL PROTECTED] wrote:

 Hello all:
 
 There has to be a simple fix to this problem - I am using newsyslog and cron
 to rotate my Apache logfiles.They get rotated and Apache keeps working
 however after a log rotation takes place Apache will not longer log my
 accesses.   It does continue to serve pages but I need to do an apachectl
 restart in order for it to continue logging properly.
 
 newsyslog.conf and crontab files are attached for reference.

You need to restart apache to get it to start logging to a new file.  Luckily,
newsyslog can do this for you.

With the default Apache install, Apache will log its PID to a file when it
starts, just add this filename (/var/run/httpd.pid) to the end of each
newsyslog entry that rotates an apache file, and newsyslog will automatically
send a HUP signal to that PID when the log file is rotated

See the man pages for newsyslog for more detailed info.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: Apache log rotation problems

[Andras Kende]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham North
Sent: Thursday, July 08, 2004 9:32 PM
To: [EMAIL PROTECTED]; Matthew Seaman
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Matthew Seaman
Subject: Apache log rotation problems

Hello all:

There has to be a simple fix to this problem - I am using newsyslog and cron
to rotate my Apache logfiles.They get rotated and Apache keeps working
however after a log rotation takes place Apache will not longer log my
accesses.   It does continue to serve pages but I need to do an apachectl
restart in order for it to continue logging properly.

newsyslog.conf and crontab files are attached for reference.

Any help and suggestions greatly appreciated.
Regards,  Graham/


Hello,

Try something like this:

newsyslog.conf:
/var/log/httpd-access.log  644  2   *   @T00   B   /var/run/httpd.pid 30


More info:
http://www.freebsddiary.org/rotatelogs.php


Best regards,

Andras Kende
http://www.kende.com



___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Ipmon security log rotation

[Gareth Bailey]

I start ipmon at boot time with /sbin/ipmon -D
/var/log/security. Ipmon works fine but seems to stop
logging entries to the security logfile when it is rotated.

newsyslog.conf sets mode to 700, which should be fine since
ipmon is run as root (i think?)

How could i correct this?

Thanks
Gareth
_
For super low premiums ,click here http://www.dialdirect.co.za/quote
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Ipmon security log rotation

[Alex de Kruijff]

On Fri, Jun 25, 2004 at 02:15:50PM +0200, Gareth Bailey wrote:
 I start ipmon at boot time with /sbin/ipmon -D
 /var/log/security. Ipmon works fine but seems to stop
 logging entries to the security logfile when it is rotated.
 
 newsyslog.conf sets mode to 700, which should be fine since
 ipmon is run as root (i think?)

The file doesn't have to be executed so it should be 600.

Cron runs newsyslog. It send the output by mail (root accound by
default). What does the output say?

 How could i correct this?

This is my line:
/var/log/security   600  3 100  * Z

I don't run ipmon, so it could be that you need to give the pid file
afther it.

-- 
Alex

Articles based on solutions that I use:
http://www.kruijff.org/alex/FreeBSD/
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: Ipmon security log rotation

[JJB]

If you are saying that you have /sbin/ipmon -D /var/log/security
on the rc.conf statement, then you are telling it to do 2
conflicting things. The /var/log/security part needs to be removed.
It's telling ipmon to use manual log file after you tell with -d to
use syslog log function.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Gareth
Bailey
Sent: Friday, June 25, 2004 8:16 AM
To: [EMAIL PROTECTED]
Subject: Ipmon  security log rotation

I start ipmon at boot time with /sbin/ipmon -D
/var/log/security. Ipmon works fine but seems to stop
logging entries to the security logfile when it is rotated.

newsyslog.conf sets mode to 700, which should be fine since
ipmon is run as root (i think?)

How could i correct this?

Thanks
Gareth

_
For super low premiums ,click here http://www.dialdirect.co.za/quote
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Ipmon security log rotation

[Gareth Bailey]

The -D flag tells it to run as daemon. Starting ipmon with
ipmon_flags=-D /var/log/security in rc.conf works fine.
It logs to security as required. The problem comes in when
the /var/log/security file is rotated by newsyslog. After
this occurs, logging stop all together even though ipmon is
still running!

Thanks
Gareth

On Fri, 25 Jun 2004 08:52:40 -0400
 JJB [EMAIL PROTECTED] wrote:
 If you are saying that you have /sbin/ipmon -D
 /var/log/security
 on the rc.conf statement, then you are telling it to do 2
 conflicting things. The /var/log/security part needs to
 be removed.
 It's telling ipmon to use manual log file after you tell
 with -d to
 use syslog log function.
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of
 Gareth
 Bailey
 Sent: Friday, June 25, 2004 8:16 AM
 To: [EMAIL PROTECTED]
 Subject: Ipmon  security log rotation
 
 I start ipmon at boot time with /sbin/ipmon -D
 /var/log/security. Ipmon works fine but seems to stop
 logging entries to the security logfile when it is
 rotated.
 
 newsyslog.conf sets mode to 700, which should be fine
 since
 ipmon is run as root (i think?)
 
 How could i correct this?
 
 Thanks
 Gareth


 _
 For super low premiums ,click here
 http://www.dialdirect.co.za/quote
 ___
 [EMAIL PROTECTED] mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
 [EMAIL PROTECTED]
 

_
For super low premiums ,click here http://www.dialdirect.co.za/quote
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Ipmon security log rotation

[Dick Davies]

You need to either tell newsyslog the pidfile, so it can HUP
ipmon, or just get it to use syslog (in which case newsyslog
doesn't need to HUP it at all).

* Gareth Bailey [EMAIL PROTECTED] [0616 14:16]:
 The -D flag tells it to run as daemon. Starting ipmon with
 ipmon_flags=-D /var/log/security in rc.conf works fine.
 It logs to security as required. The problem comes in when
 the /var/log/security file is rotated by newsyslog. After
 this occurs, logging stop all together even though ipmon is
 still running!
 
 Thanks
 Gareth
 
 On Fri, 25 Jun 2004 08:52:40 -0400
  JJB [EMAIL PROTECTED] wrote:
  If you are saying that you have /sbin/ipmon -D
  /var/log/security
  on the rc.conf statement, then you are telling it to do 2
  conflicting things. The /var/log/security part needs to
  be removed.
  It's telling ipmon to use manual log file after you tell
  with -d to
  use syslog log function.
  
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] Behalf Of
  Gareth
  Bailey
  Sent: Friday, June 25, 2004 8:16 AM
  To: [EMAIL PROTECTED]
  Subject: Ipmon  security log rotation
  
  I start ipmon at boot time with /sbin/ipmon -D
  /var/log/security. Ipmon works fine but seems to stop
  logging entries to the security logfile when it is
  rotated.
  
  newsyslog.conf sets mode to 700, which should be fine
  since
  ipmon is run as root (i think?)
  
  How could i correct this?
  
  Thanks
  Gareth
 
 
  _
  For super low premiums ,click here
  http://www.dialdirect.co.za/quote
  ___
  [EMAIL PROTECTED] mailing list
 
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
  To unsubscribe, send any mail to
  [EMAIL PROTECTED]
  
 
 _
 For super low premiums ,click here http://www.dialdirect.co.za/quote
 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to [EMAIL PROTECTED]
 

-- 
A straw vote only shows which way the hot air blows.
-- O'Henry
Rasputin :: Jack of All Trades - Master of Nuns
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Ipmon security log rotation

[Gareth Bailey]

Thanks Dick,

Giving ipmon -Ds flags and directing messages to the
security file using local0.* seems to be the answer.
Specifying a pid file in newsyslog.conf gave errors about
not being able to HUP ipmon.

Cheers,
Gareth

On Fri, 25 Jun 2004 14:24:41 +0100
 Dick Davies [EMAIL PROTECTED] wrote:
 You need to either tell newsyslog the pidfile, so it can
 HUP
 ipmon, or just get it to use syslog (in which case
 newsyslog
 doesn't need to HUP it at all).
 
 * Gareth Bailey [EMAIL PROTECTED] [0616 14:16]:
  The -D flag tells it to run as daemon. Starting ipmon
 with
  ipmon_flags=-D /var/log/security in rc.conf works
 fine.
  It logs to security as required. The problem comes in
 when
  the /var/log/security file is rotated by newsyslog.
 After
  this occurs, logging stop all together even though
 ipmon is
  still running!
  
  Thanks
  Gareth
  
  On Fri, 25 Jun 2004 08:52:40 -0400
   JJB [EMAIL PROTECTED] wrote:
   If you are saying that you have /sbin/ipmon -D
   /var/log/security
   on the rc.conf statement, then you are telling it to
 do 2
   conflicting things. The /var/log/security part needs
 to
   be removed.
   It's telling ipmon to use manual log file after you
 tell
   with -d to
   use syslog log function.
   
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED] Behalf
 Of
   Gareth
   Bailey
   Sent: Friday, June 25, 2004 8:16 AM
   To: [EMAIL PROTECTED]
   Subject: Ipmon  security log rotation
   
   I start ipmon at boot time with /sbin/ipmon -D
   /var/log/security. Ipmon works fine but seems to
 stop
   logging entries to the security logfile when it is
   rotated.
   
   newsyslog.conf sets mode to 700, which should be fine
   since
   ipmon is run as root (i think?)
   
   How could i correct this?
   
   Thanks
   Gareth
  
 


   _
   For super low premiums ,click here
   http://www.dialdirect.co.za/quote
   ___
   [EMAIL PROTECTED] mailing list
  
 

http://lists.freebsd.org/mailman/listinfo/freebsd-questions
   To unsubscribe, send any mail to
   [EMAIL PROTECTED]
   
  
 

_
  For super low premiums ,click here
 http://www.dialdirect.co.za/quote
  ___
  [EMAIL PROTECTED] mailing list
 

http://lists.freebsd.org/mailman/listinfo/freebsd-questions
  To unsubscribe, send any mail to
 [EMAIL PROTECTED]
  
 
 -- 
 A straw vote only shows which way the hot air blows.
   -- O'Henry
 Rasputin :: Jack of All Trades - Master of Nuns

_
For super low premiums ,click here http://www.dialdirect.co.za/quote
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ClamAV Log Rotation (WAS: Antivirus suggestion...)

[Bart Silverstrim]

On Mar 16, 2004, at 6:28 PM, Wayne Sierke wrote:

On Tue, 2004-03-16 at 08:45, Jonathan T. Sage wrote:
Hope this is of some use:

snip
Clamd log rotation:

first and foremost, make sure that clamav is gonna drop a pidfile.  in
/usr/local/etc/clamav.conf, uncomment:
# This option allows you to save the process identifier of the 
listening
# daemon (main thread).
PidFile /var/run/clamd.pid

then, add the following (one line) to /etc/newsyslog.conf

/var/log/clamd.log  644  3 *$W0D1 BJ \
 /var/run/clamd.pid  1
this will rotate the log once a week, keep 3 of them (current log +3
weeks).  it will also compress the old one with bzip2 and SIGHUP the
clamd process.  seems to work just fine for me, running clamav-devel 
on
-current (Mar 3 or so right now)

Here's what I got:

# ls -lrt /var/log/clamd*
-rw-r-  1 clamav  clamav  0 Mar 17 06:00 /var/log/clamd.log
-rw-r-  1 clamav  clamav  35873 Mar 17 09:00 /var/log/clamd.log.0
# tail -n 6 /var/log/clamd.log.0
Wed Mar 17 05:58:54 2004 - SelfCheck: Database status OK.
Wed Mar 17 06:00:00 2004 - SIGHUP catched: log file re-opened.
Wed Mar 17 06:00:00 2004 - ERROR: accept() failed.
Wed Mar 17 06:59:32 2004 - SelfCheck: Database status OK.
Wed Mar 17 08:00:10 2004 - SelfCheck: Database status OK.
Wed Mar 17 09:00:48 2004 - SelfCheck: Database status OK.
# portversion -v clamav*
 clamav-0.67.1   =  up-to-date with port
Hmm, just saw a submission to -ports for an update to 0.70-rc, looks
like that version is needed to have the SIGHUP handling (according to
its NEWS file).

I suppose the next question is, how *should* I be doing the log 
rotation (if I do a ports update and it does indeed update to 
.70)...what entries in the newsyslog.conf file should be made and what, 
if anything, needs to be entered into the clamav file?

I don't want to mix workaround for not continuing to log old method 
with new works with sighup method...

Thanks everyone!
-Bart
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ClamAV Log Rotation (WAS: Antivirus suggestion...)

[Wayne Sierke]

On Tue, 2004-03-16 at 08:45, Jonathan T. Sage wrote:
 Hope this is of some use:
 
snip
 
 Clamd log rotation:
 
 first and foremost, make sure that clamav is gonna drop a pidfile.  in 
 /usr/local/etc/clamav.conf, uncomment:
 
 # This option allows you to save the process identifier of the listening
 # daemon (main thread).
 PidFile /var/run/clamd.pid
 
 then, add the following (one line) to /etc/newsyslog.conf
 
 /var/log/clamd.log644  3 *$W0D1 BJ \
  /var/run/clamd.pid  1
 
 this will rotate the log once a week, keep 3 of them (current log +3 
 weeks).  it will also compress the old one with bzip2 and SIGHUP the 
 clamd process.  seems to work just fine for me, running clamav-devel on 
 -current (Mar 3 or so right now)
 
Here's what I got:

# ls -lrt /var/log/clamd*
-rw-r-  1 clamav  clamav  0 Mar 17 06:00 /var/log/clamd.log
-rw-r-  1 clamav  clamav  35873 Mar 17 09:00 /var/log/clamd.log.0

# tail -n 6 /var/log/clamd.log.0
Wed Mar 17 05:58:54 2004 - SelfCheck: Database status OK.
Wed Mar 17 06:00:00 2004 - SIGHUP catched: log file re-opened.
Wed Mar 17 06:00:00 2004 - ERROR: accept() failed.
Wed Mar 17 06:59:32 2004 - SelfCheck: Database status OK.
Wed Mar 17 08:00:10 2004 - SelfCheck: Database status OK.
Wed Mar 17 09:00:48 2004 - SelfCheck: Database status OK.

# portversion -v clamav*
 clamav-0.67.1   =  up-to-date with port


Hmm, just saw a submission to -ports for an update to 0.70-rc, looks
like that version is needed to have the SIGHUP handling (according to
its NEWS file).


Wayne


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ClamAV Log Rotation (WAS: Antivirus suggestion...)

[Jonathan T. Sage]

Wayne Sierke wrote:

snip

Clamd log rotation:

first and foremost, make sure that clamav is gonna drop a pidfile.  in 
/usr/local/etc/clamav.conf, uncomment:

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamd.pid
then, add the following (one line) to /etc/newsyslog.conf

/var/log/clamd.log  644  3 *$W0D1 BJ \
/var/run/clamd.pid  1
this will rotate the log once a week, keep 3 of them (current log +3 
weeks).  it will also compress the old one with bzip2 and SIGHUP the 
clamd process.  seems to work just fine for me, running clamav-devel on 
-current (Mar 3 or so right now)

Here's what I got:

# ls -lrt /var/log/clamd*
-rw-r-  1 clamav  clamav  0 Mar 17 06:00 /var/log/clamd.log
-rw-r-  1 clamav  clamav  35873 Mar 17 09:00 /var/log/clamd.log.0
# tail -n 6 /var/log/clamd.log.0
Wed Mar 17 05:58:54 2004 - SelfCheck: Database status OK.
Wed Mar 17 06:00:00 2004 - SIGHUP catched: log file re-opened.
Wed Mar 17 06:00:00 2004 - ERROR: accept() failed.
Wed Mar 17 06:59:32 2004 - SelfCheck: Database status OK.
Wed Mar 17 08:00:10 2004 - SelfCheck: Database status OK.
Wed Mar 17 09:00:48 2004 - SelfCheck: Database status OK.
# portversion -v clamav*
 clamav-0.67.1   =  up-to-date with port
Hmm, just saw a submission to -ports for an update to 0.70-rc, looks
like that version is needed to have the SIGHUP handling (according to
its NEWS file).


Ah.  yes, When I wrote this, i was using clamav-devel, and the SIGHUP 
handling works fine there.  thanks for the info though.

~j

--
Jonathan T. Sage
Theatrical Lighting / Set Designer
Professional Web Design
[HTTP://www.JTSage.com]
[EMAIL PROTECTED]
[See Headers for Contact Info]


signature.asc
Description: OpenPGP digital signature

Re: log rotation

[Wayne Sierke]

On Mon, 2004-03-15 at 10:37, Bart Silverstrim wrote:
 Quick questions:
 I've run across some mumblings in the ClamAV lists about Clamd not
 logging anymore (or not scanning anymore?) when the maximum
 logfile size is reached.  Is anyone in FreeBSD running this, and if so,
 are you using Newsyslog to rotate the logs?  What are your settings
 (how would I set it up)?
 
Having recently installed clamav I was interested in getting log
rotation enabled too (5.2-RELEASE). As an experiment I set the when
entry in newsyslog.conf to 1 hour. After the log rotation I'm not
getting any new entries written to the logfile. I believe I saw
somewhere someone claiming that logrotate was working for them (but
probably on Linux). Might have to try that instead.


Wayne

 Elaborations:
 I didn't know what would be a safe way to do this, since I also have
 an every-four-hour update running for the clamav and I didn't know
   what would happen if
 A) the update for the database falls at a moment when the log is
   rotating
 B) I didn't find the proper way to rotate the log so Clamd doesn't
 have an open file handle on a log being rotated and/or have clamd
 try writing to the file while it's being rotated
 C) how can clamd have the file rotated without being temporarily
 disabled running into problems because that disabled clamd may
 be called on in that period by amavisd-new to do a virus scan on
 a mail message...
 
 Anyone got a good log rotation scheme in place to handle this
 automatically without running into problems?
 
 Thanks!
 -Bart
 
 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to [EMAIL PROTECTED]

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: log rotation

[Remko Lodder]

you can also write a script, cp -p the logfile and immediatly after that :
the file

cp -p oldfile newfile  : oldfile
this keeps the file descriptors intact and might work

Since i cannot test this, it's just a guess.

Cheers

--

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene

-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Wayne Sierke
Verzonden: maandag 15 maart 2004 13:00
Aan: Bart Silverstrim
CC: FreeBSD Questions Mailing List
Onderwerp: Re: log rotation


On Mon, 2004-03-15 at 10:37, Bart Silverstrim wrote:
 Quick questions:
 I've run across some mumblings in the ClamAV lists about Clamd not
 logging anymore (or not scanning anymore?) when the maximum
 logfile size is reached.  Is anyone in FreeBSD running this, and if so,
 are you using Newsyslog to rotate the logs?  What are your settings
 (how would I set it up)?

Having recently installed clamav I was interested in getting log
rotation enabled too (5.2-RELEASE). As an experiment I set the when
entry in newsyslog.conf to 1 hour. After the log rotation I'm not
getting any new entries written to the logfile. I believe I saw
somewhere someone claiming that logrotate was working for them (but
probably on Linux). Might have to try that instead.


Wayne

 Elaborations:
 I didn't know what would be a safe way to do this, since I also have
 an every-four-hour update running for the clamav and I didn't know
   what would happen if
 A) the update for the database falls at a moment when the log is
   rotating
 B) I didn't find the proper way to rotate the log so Clamd doesn't
 have an open file handle on a log being rotated and/or have clamd
 try writing to the file while it's being rotated
 C) how can clamd have the file rotated without being temporarily
 disabled running into problems because that disabled clamd may
 be called on in that period by amavisd-new to do a virus scan on
 a mail message...

 Anyone got a good log rotation scheme in place to handle this
 automatically without running into problems?

 Thanks!
 -Bart

 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
[EMAIL PROTECTED]

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: log rotation

[Ruben de Groot]

On Mon, Mar 15, 2004 at 10:30:05PM +1030, Wayne Sierke typed:
 On Mon, 2004-03-15 at 10:37, Bart Silverstrim wrote:
  Quick questions:
  I've run across some mumblings in the ClamAV lists about Clamd not
  logging anymore (or not scanning anymore?) when the maximum
  logfile size is reached.  Is anyone in FreeBSD running this, and if so,
  are you using Newsyslog to rotate the logs?  What are your settings
  (how would I set it up)?
  
 Having recently installed clamav I was interested in getting log
 rotation enabled too (5.2-RELEASE). As an experiment I set the when
 entry in newsyslog.conf to 1 hour. After the log rotation I'm not
 getting any new entries written to the logfile. I believe I saw
 somewhere someone claiming that logrotate was working for them (but
 probably on Linux). Might have to try that instead.

Are you using syslogd for logging (LogSyslog in clamav.conf) ?
Log rotation through newsyslog is working fine here.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: log rotation

[Wayne Sierke]

On Mon, 2004-03-15 at 23:07, Ruben de Groot wrote:
 On Mon, Mar 15, 2004 at 10:30:05PM +1030, Wayne Sierke typed:
  On Mon, 2004-03-15 at 10:37, Bart Silverstrim wrote:
   Quick questions:
   I've run across some mumblings in the ClamAV lists about Clamd not
   logging anymore (or not scanning anymore?) when the maximum
   logfile size is reached.  Is anyone in FreeBSD running this, and if so,
   are you using Newsyslog to rotate the logs?  What are your settings
   (how would I set it up)?
   
  Having recently installed clamav I was interested in getting log
  rotation enabled too (5.2-RELEASE). As an experiment I set the when
  entry in newsyslog.conf to 1 hour. After the log rotation I'm not
  getting any new entries written to the logfile. I believe I saw
  somewhere someone claiming that logrotate was working for them (but
  probably on Linux). Might have to try that instead.
 
 Are you using syslogd for logging (LogSyslog in clamav.conf) ?
 Log rotation through newsyslog is working fine here.
 
Yes. Here are the entries from clamav.conf:

LogFile /var/log/clamd.log
#LogFileUnlock
#LogFileMaxSize 2M
LogTime
LogSyslog
#LogVerbose

and from newsyslog.conf:

/var/log/clamd.log clamav:clamav  640  12999  * J


Anything significant in there that you can see?


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: log rotation

[Bart Silverstrim]

On Mar 15, 2004, at 7:37 AM, Ruben de Groot wrote:

On Mon, Mar 15, 2004 at 10:30:05PM +1030, Wayne Sierke typed:
On Mon, 2004-03-15 at 10:37, Bart Silverstrim wrote:
Quick questions:
I've run across some mumblings in the ClamAV lists about Clamd not
logging anymore (or not scanning anymore?) when the maximum
logfile size is reached.  Is anyone in FreeBSD running this, and if 
so,
are you using Newsyslog to rotate the logs?  What are your settings
(how would I set it up)?

Having recently installed clamav I was interested in getting log
rotation enabled too (5.2-RELEASE). As an experiment I set the when
entry in newsyslog.conf to 1 hour. After the log rotation I'm not
getting any new entries written to the logfile. I believe I saw
somewhere someone claiming that logrotate was working for them (but
probably on Linux). Might have to try that instead.
Are you using syslogd for logging (LogSyslog in clamav.conf) ?
Log rotation through newsyslog is working fine here.
What is your clamav.conf and newsyslog config file setup? (and what 
release of FreeBSD?
I'm using 4.9-p3...should work, shouldn't it?)

Thanks!

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

ClamAV Log Rotation (WAS: Antivirus suggestion...)

[Jonathan T. Sage]

Hope this is of some use:

Bart Silverstrim wrote:
I haven't tried it on Exim, but I've had mostly good luck with 
ClamAV (need to work on the log rotation question 
 I've posted previously about, though...)

Speaking of that log question, have you been able to prove 
(substantiate may be a better word) that this happens?  also note 
that newsyslog has the ability to -HUP a process when it rotates a 
log file (for details on how to do this, take a look at apache log 
rotation howtos).

I have been seeing several posts to the clamav-users list about it 
happening, that once it hits the quota limit for the logfile size 
that it will stop working.  Has it happened to me yet? no...my 
logfile hasn't reached the 5 meg limit yet :-)
I do need to find a way to rotate the log though.  I'm just waiting 
to find someone that can say yes, I'm running clamav, and using 
newsyslog to rotate the log, here's the line I use in the conf file 
to do it and here's the line I use in the clamav.conf file to get it 
to work...
  Hey, if you get a working rotation configuration for Clamd, please do
share! :-)  I've got a production server holding it's own in proving 
open source software is a viable alternative to the commercial fellas 
for our school district, and I don't need to have our mail system go 
belly up because of an overgrown logfile :-)
Clamd log rotation:

first and foremost, make sure that clamav is gonna drop a pidfile.  in 
/usr/local/etc/clamav.conf, uncomment:

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamd.pid
then, add the following (one line) to /etc/newsyslog.conf

/var/log/clamd.log  644  3 *$W0D1 BJ \
/var/run/clamd.pid  1
this will rotate the log once a week, keep 3 of them (current log +3 
weeks).  it will also compress the old one with bzip2 and SIGHUP the 
clamd process.  seems to work just fine for me, running clamav-devel on 
-current (Mar 3 or so right now)

~j

--
Jonathan T. Sage
Theatrical Lighting / Set Designer
Professional Web Design
[HTTP://www.JTSage.com]
[EMAIL PROTECTED]
[See Headers for Contact Info]


signature.asc
Description: OpenPGP digital signature

log rotation

[Bart Silverstrim]

Quick questions:
I've run across some mumblings in the ClamAV lists about Clamd not
logging anymore (or not scanning anymore?) when the maximum
logfile size is reached.  Is anyone in FreeBSD running this, and if so,
are you using Newsyslog to rotate the logs?  What are your settings
(how would I set it up)?
Elaborations:
I didn't know what would be a safe way to do this, since I also have
an every-four-hour update running for the clamav and I didn't know
 what would happen if
A) the update for the database falls at a moment when the log is
 rotating
B) I didn't find the proper way to rotate the log so Clamd doesn't
have an open file handle on a log being rotated and/or have clamd
try writing to the file while it's being rotated
C) how can clamd have the file rotated without being temporarily
disabled running into problems because that disabled clamd may
be called on in that period by amavisd-new to do a virus scan on
a mail message...
Anyone got a good log rotation scheme in place to handle this
automatically without running into problems?
Thanks!
-Bart
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Log Rotation

[Gerard Samuel]

In particular, Im looking to see if there is a FreeBSD way in 
rotating PostgreSQL logs.
Any advise would be appreciated.
Thanks

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Log Rotation

[Lowell Gilbert]

Gerard Samuel [EMAIL PROTECTED] writes:

 In particular, Im looking to see if there is a FreeBSD way in 
 rotating PostgreSQL logs.
 Any advise would be appreciated.

newsyslog(8) is part of the base system...

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area: 
resume/CV at http://be-well.ilk.org:8088/~lowell/resume/
username/password public
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Log Rotation

[Gerard Samuel]

On Sunday 28 December 2003 12:36 pm, Lowell Gilbert wrote:
 Gerard Samuel [EMAIL PROTECTED] writes:
  In particular, Im looking to see if there is a FreeBSD way in
  rotating PostgreSQL logs.
  Any advise would be appreciated.

 newsyslog(8) is part of the base system...

Yes, Im familiar with newsyslog, but Im not sure how it will play with 
rotating PostgreSQL's log file, as PostgreSQL seems to need some extra TLC 
when rotating the log while PostgreSQL is running.
http://www.postgresql.org/docs/7.3/interactive/logfile-maintenance.html
Ill have to let that sink in the brain, before I try messing with it.


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Log Rotation

[Scott W]

Gerard Samuel wrote:

On Sunday 28 December 2003 12:36 pm, Lowell Gilbert wrote:

Gerard Samuel [EMAIL PROTECTED] writes:

In particular, Im looking to see if there is a FreeBSD way in
rotating PostgreSQL logs.
Any advise would be appreciated.
newsyslog(8) is part of the base system...


Yes, Im familiar with newsyslog, but Im not sure how it will play with 
rotating PostgreSQL's log file, as PostgreSQL seems to need some extra TLC 
when rotating the log while PostgreSQL is running.
http://www.postgresql.org/docs/7.3/interactive/logfile-maintenance.html
Ill have to let that sink in the brain, before I try messing with it.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Just a guess here, but what the problem likely is is that Postgres keeps 
a file descriptor open to it's logfile, which means that 'simple' log 
rotation, eg just moving the original logfile to a backup name or 
gzipped file will break the logging as pg won't have a valid file 
descriptor any more.  This one's bit a project I worked on forever ago 
(on a production system! :-( ) running Solaris and Sybase...

The easy solution is to see if any of the log rotation scripts have the 
'right' behavior...if not, you can write your own script to do it, test 
it by rotating the logs and then intentionally doing something to 
produce log output (depending on your log level)...if you get the log 
output, everything's happy.  What it should be doing is this (and a side 
effect is you shouldn't run into log problems on other apps either):
1.  Copy the log file locally, using whatever naming convention you 
want, eg logname.(massaged date/time stamp like $(date | cut -f' '))
2.  Truncate the existing log via cat /dev/null  original logfile . 
This allows the logging progam to continue to log without an invalid fd..
3.  gzip or move the copied logfile to wherever, gzip it etc..

This is a simple solution, and has the potential to lose a few log 
entries due to the time from the completion of the original log copy 
until the original log file truncation is completed, but should be fine 
for home, non critical or low usage (meaning not logging 1000 
messages/minute) log filesthere's probably a better way to do this, 
probably logging via a pipe, but I don't know the specifics offhand...

HTH,

Scott

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Log Rotation

[Lowell Gilbert]

Scott W [EMAIL PROTECTED] writes:

 Just a guess here, but what the problem likely is is that Postgres
 keeps a file descriptor open to it's logfile, which means that
 'simple' log rotation, eg just moving the original logfile to a backup
 name or gzipped file will break the logging as pg won't have a valid
 file descriptor any more.  This one's bit a project I worked on
 forever ago (on a production system! :-( ) running Solaris and
 Sybase...
 
 The easy solution is to see if any of the log rotation scripts have
 the 'right' behavior...if not, you can write your own script to do it,
 test it by rotating the logs and then intentionally doing something to
 produce log output (depending on your log level)...if you get the log
 output, everything's happy. 

Postgres knows how to use syslog(8) for its logging, which is another
option also quite simple...
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Log Rotation

[Gerard Samuel]

On Sunday 28 December 2003 01:24 pm, Scott W wrote:
 This is a simple solution, and has the potential to lose a few log
 entries due to the time from the completion of the original log copy
 until the original log file truncation is completed, but should be fine
 for home, non critical or low usage (meaning not logging 1000
 messages/minute) log filesthere's probably a better way to do this,
 probably logging via a pipe, but I don't know the specifics offhand...


Seems ok to me, as its for a home setup.
But its always nice to know on what to do on a production system, when one 
gets thrown to the wolves.
Thanks for the tip...

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Log Rotation

[Gerard Samuel]

On Sunday 28 December 2003 01:34 pm, Lowell Gilbert wrote:
 Postgres knows how to use syslog(8) for its logging, which is another
 option also quite simple...


True.  I have to investigate this option...

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Log Rotation

[Marc Wiz]

On Sun, Dec 28, 2003 at 01:24:02PM -0500, Scott W wrote:
 
 The easy solution is to see if any of the log rotation scripts have the 
 'right' behavior...if not, you can write your own script to do it, test 
 it by rotating the logs and then intentionally doing something to 
 produce log output (depending on your log level)...if you get the log 
 output, everything's happy.  What it should be doing is this (and a side 
 effect is you shouldn't run into log problems on other apps either):
 1.  Copy the log file locally, using whatever naming convention you 
 want, eg logname.(massaged date/time stamp like $(date | cut -f' '))
 2.  Truncate the existing log via cat /dev/null  original logfile . 
 This allows the logging progam to continue to log without an invalid fd..
 3.  gzip or move the copied logfile to wherever, gzip it etc..
 

And it does help to check the documenation for the particular program
doing the logging to see if it has a way of switching the logs
via some external condition (e.g. a signal) or whether you can specify
when it should rotate the log.

Another possibility (although somewhat of a hack) is to stop the program,
rotate the log and then start the program up again.   Perhaps not for
a 24x7 environment but it does work.

Marc

-- 
Marc Wiz
[EMAIL PROTECTED]
Yes, that really is my last name.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Log Rotation

[Matthew Seaman]

On Sun, Dec 28, 2003 at 01:03:14PM -0500, Gerard Samuel wrote:
 
 Yes, Im familiar with newsyslog, but Im not sure how it will play with 
 rotating PostgreSQL's log file, as PostgreSQL seems to need some extra TLC 
 when rotating the log while PostgreSQL is running.
 http://www.postgresql.org/docs/7.3/interactive/logfile-maintenance.html
 Ill have to let that sink in the brain, before I try messing with it.

http://www.cronolog.org/ -- configure postgresql to log to stdout or
stderr and pipe the data into cronolog.  It will generate logfiles
based on the time  date, but you'll have to write a script to deal
with the oldest log files.

It's in ports as sysutils/cronolog

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK


pgp0.pgp
Description: PGP signature

Re: log rotation

[Chad Kline]

for i in /var/run/*.pid; do kill -1 `head -n 1 $i`; done

Thank you, this seems to have solved my problem nicely :)

 Since I upgraded to FreeBSD 4.7, I notice the
 following problem:

 Once a month when my log files rotate
 (simply gzipping the old, and the creating a new empty log file
 via a cron job) the log files stay empty.  all permissions and
 ownerships are correct.  it takes a reboot - then the
 daemons are able to fill up the new log files - but not
 until a reboot.
Daemons write logs to a file descriptor (fd) without a syscall it can't
change fd.
using mv on a local file system use rename(), so fd is the same, and
daemon fills this fd. Usually you can send a kill -HUP to the daemon to
make him look for a new fd.
tipically :
mv current.log old.log
fills old.log
kill -HUP pid of daemon
fills current.old
gzip -9 old.old
and it should work

clem


_
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

log rotation

[Chad Kline]

Since I upgraded to FreeBSD 4.7, I notice the
following problem:
Once a month when my log files rotate
(simply gzipping the old, and the creating a new empty log file
via a cron job) the log files stay empty.  all permissions and ownerships 
are correct.  it takes a reboot - then the
daemons are able to fill up the new log files - but not
until a reboot.

I cannot understand how this could be or why.
Please reply off list if you have an answer.
_
Protect your PC - get McAfee.com VirusScan Online  
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

Re: log rotation

[Jonathan Chen]

On Sun, Mar 02, 2003 at 11:50:55PM +, Chad Kline wrote:
 
 Since I upgraded to FreeBSD 4.7, I notice the
 following problem:
 
 Once a month when my log files rotate
 (simply gzipping the old, and the creating a new empty log file
 via a cron job) the log files stay empty.  all permissions and ownerships 
 are correct.  it takes a reboot - then the
 daemons are able to fill up the new log files - but not
 until a reboot.

You should use newsyslog(8) and /etc/newsyslog.conf instead. Most loggers
(eg syslog) hold the file open for writes, and deleting the old one (by
gzipping) only removes the entry from the directory. The logger still
has it open and is still writing to the file (although you aren't able
to reference it anymore).
-- 
Jonathan Chen [EMAIL PROTECTED]
--
I don't want to achive immortality through my works..
 I want to achieve it through not dying - Woody Allen

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

Re: log rotation

[Clement Laforet]

On Sun, 02 Mar 2003 23:50:55 +
Chad Kline [EMAIL PROTECTED] wrote:

 
 Since I upgraded to FreeBSD 4.7, I notice the
 following problem:
 
 Once a month when my log files rotate
 (simply gzipping the old, and the creating a new empty log file
 via a cron job) the log files stay empty.  all permissions and
 ownerships are correct.  it takes a reboot - then the
 daemons are able to fill up the new log files - but not
 until a reboot.

Daemons write logs to a file descriptor (fd) without a syscall it can't
change fd.
using mv on a local file system use rename(), so fd is the same, and
daemon fills this fd. Usually you can send a kill -HUP to the daemon to
make him look for a new fd.

tipically :
mv current.log old.log
fills old.log
kill -HUP pid of daemon
fills current.old
gzip -9 old.old

and it should work

clem

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message