Re: Newsyslog | Cronjob faulty? (fwd)
Jos, did you not get my response to your original query over a week ago? I see it made the list archives. Anyway this second time around, Robert Bonomi wins gold for the best guess, with even fewer clues to go on :-) cheers, Ian (who probably said too much, but doesn't resile) -- Forwarded message -- Date: Sat, 19 May 2012 05:03:23 +1000 (EST) From: Ian Smith To: Jos Chrispijn Cc: freebsd-questions@freebsd.org Subject: Re: Newsyslog | Cronjob faulty? In freebsd-questions Digest, Vol 415, Issue 4, Message: 12 On Wed, 16 May 2012 21:44:53 +0200 Jos Chrispijn wrote: > At midnight (00.00) I run this cronjob from my crontab: > > Crontab: > 00 * * * * rootnewsyslog By 'my' crontab, do you mean the system crontab, /etc/crontab ? If so, that's nearly but not quite the default syntax of: #minute hourmdaymonth wdaywho command # Rotate log files every hour, if necessary. 0 * * * * rootnewsyslog Note the single '0'. I don't know if '00' is valid. And it doesn't mean 'at midnight', it means whenever the minute is 0, any hour, any day, any month, any weekday; ie newsyslog is run hourly, on the hour. And the default entry in /etc/newsyslog.conf for maillog is: /var/log/maillog640 7 *@T00 JC So it's newsyslog using newsyslog.conf(5) that creates maillog if it doesn't yet exist, rotates it to maillog.0 at midnight (T00), thereafter compressing it with bzip2 (J). > For some reason this goes wrong; (if I run 'newsyslog' on any other > time, there is no error message). > > bzip2: Can't open input file /var/log/maillog.0: No such file or directory. > newsyslog: `bzip2 -f /var/log/maillog.0' terminated with a non-zero > status (1) > > /var/log: > -rw-r- 1 rootwheel 63162 May 16 21:20 maillog > -rw-r- 1 rootwheel 109 May 16 00:00 maillog.0.bz2 > -rw-r- 1 rootwheel 73674 May 16 00:00 maillog.1 > -rw-r- 1 rootwheel 111 May 15 00:00 maillog.2.bz2 > -rw-r- 1 rootwheel 73050 May 15 00:00 maillog.3 > -rw-r- 1 rootwheel 109 May 14 00:00 maillog.4.bz2 > -rw-r- 1 rootwheel184042 May 14 00:00 maillog.5 > > Can somebody tell me what goes wrong here? Looks likely two instances of newsyslog racing at midnight; one makes maillog.0.bz2 from the just-rolled maillog.0, the other finds maillog.0 has disappeared before getting to run bzip2 on it? So, two files per day, and the above message? > On my other FreeBSD server the same cronjob goes ok... Check /etc/crontab and /etc/newsyslog.conf on both, and make sure you're not also trying to run a user crontab for root, apart from /etc/crontab? cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: NewSysLog | Crontab
> From owner-freebsd-questi...@freebsd.org Sat May 26 15:55:21 2012 > Date: Sat, 26 May 2012 21:51:37 +0100 > From: Matthew Seaman > To: Jos Chrispijn > Cc: freebsd-questions@freebsd.org > Subject: Re: NewSysLog | Crontab > > On 26/05/2012 18:41, Jos Chrispijn wrote: > > Thanks, will investigate this... > > Keeping the list in the loop... > > > % df -ih /var/log > > > > Filesystem Size Used Avail Capacity iused ifree %iused Mounted on > > /dev/ada0p2 453G 5.8G 411G 1% 468k 29M 2% / > > One big partition for the whole OS? > > > % ls -laoR /var/log > > > > total 448 > > drwxr-xr-x 5 rootwheel- 1024 May 26 00:00 . > > drwxr-xr-x 23 rootwheel- 512 May 17 19:57 .. > > drwx-- 2 rootwheel- 512 May 22 23:30 .spamassassin > > -rw-r--r-- 1 rootwheel- 1 May 23 16:04 Minimalist.log > > -rw--- 1 rootwheel-60 May 26 00:00 all.log > > -rw--- 1 rootwheel-14 May 26 00:00 all.log.0.bz2 > > -rw--- 1 rootwheel-14 May 25 00:00 all.log.2.bz2 > > -rw--- 1 rootwheel-14 May 24 00:00 all.log.4.bz2 > > -rw--- 1 rootwheel-14 May 23 00:00 all.log.6.bz2 > > Oooh, fun. None of the obvious ideas were right, and this is looking > really quite mysterious. You've only got even numbered versions of > all.log backups, but they are spaced 1 day apart, which is the usual > recycle timing for all.log. This is a clear-cut indication of _two_ processes running that rotate the logfiles. The first process to run works, and the second one bitches and moans, and -quits- (with the error shown about not being able to find the file original file to compress) *after* having rened the 1st back-up to the 2nd name. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: NewSysLog | Crontab
On 26/05/2012 18:41, Jos Chrispijn wrote: > Thanks, will investigate this... Keeping the list in the loop... > % df -ih /var/log > > Filesystem Size Used Avail Capacity iused ifree %iused Mounted on > /dev/ada0p2 453G 5.8G 411G 1% 468k 29M 2% / One big partition for the whole OS? > % ls -laoR /var/log > > total 448 > drwxr-xr-x 5 rootwheel- 1024 May 26 00:00 . > drwxr-xr-x 23 rootwheel- 512 May 17 19:57 .. > drwx-- 2 rootwheel- 512 May 22 23:30 .spamassassin > -rw-r--r-- 1 rootwheel- 1 May 23 16:04 Minimalist.log > -rw--- 1 rootwheel-60 May 26 00:00 all.log > -rw--- 1 rootwheel-14 May 26 00:00 all.log.0.bz2 > -rw--- 1 rootwheel-14 May 25 00:00 all.log.2.bz2 > -rw--- 1 rootwheel-14 May 24 00:00 all.log.4.bz2 > -rw--- 1 rootwheel-14 May 23 00:00 all.log.6.bz2 Oooh, fun. None of the obvious ideas were right, and this is looking really quite mysterious. You've only got even numbered versions of all.log backups, but they are spaced 1 day apart, which is the usual recycle timing for all.log. However, there's not much in your all.log at all. It should get at least a message every 5 minutes assuming it's configured. Did you turn on the all.log in /etc/syslogd.conf at all? Or do those 60 bytes in all.log just say something very much like this: # cat /var/log/all.log May 26 00:00:00 lucid-nonsense newsyslog[23677]: logfile turned over (obviously, with your hostname instead and a different PID for newsyslog, and maybe a different date.) In which case, you're not actually logging anything to all.log at all, and you could just make the whole thing go away by: # cd /var/log # rm all.log* But that's no fun at all, and doesn't go anywhere towards explaining why you only get even numbered backups. Can we check a few things please? * Have you modified /etc/newsyslog.conf at all? Or /etc/syslogd.conf ? What does this command return for you? % grep all.log /etc/syslog.conf /etc/newsyslog.conf * What happens when you run the following sequence of commands: # cd /var/log # echo test > foo # bzip2 -f foo || echo $? # ls -la foo* (using script(1) to capture a console transcript would be a good thing here.) Assuming you end up with a foo.bz2 file 45 bytes long, then you should also be able to do this: # bzcat foo.bz2 test * What version of FreeBSD is this, how did you install it and have you applied any patches or made any unusual configuration choices or modifications to the system? Is there anything out of the ordinary with your hardware or the setup on the machine that you think might be relevant? Does it have any history of problems? Did anything about the system change recently? Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
Re: NewSysLog | Crontab
Hi Matthew, Thanks, will investigate this... best regards, Jos Matthew Seaman: On 26/05/2012 12:02, Jos Chrispijn wrote: I have this issue with bzip2 and the generation of backup logfiles. This is the error I get: --- cut --- bzip2: I/O or other error, bailing out. Possible reason follows. bzip2: No such file or directory Input file = /var/log/all.log.0, output file = /var/log/all.log.0.bz2 newsyslog: `bzip2 -f /var/log/all.log.0' terminated with a non-zero status (1) bzip2: Can't open input file /var/log/maillog.0: No such file or directory. newsyslog: `bzip2 -f /var/log/maillog.0' terminated with a non-zero status (1) --- cut --- Can you tell me what goes wrong here and how to solve this? The underlying problem seems to be problems writing to /var/log. Is the partition (/var probably) full up or out of inodes? df -ih /var/log Also, look at the console to see if anything has been logged there. If it isn't running out of space, then check that the directory hasn't got weird flags settings: ls -laoR /var/log Having something like noschg set on the directory would cause the observed symptoms, but I am at a loss to understand how on earth anything like that could come about. There are a couple of other things it might be, but it's quite unlikely you wouldn't get crashes, coredumps and other signs of the end-times should any of those be the case. Cheers, Matthew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: NewSysLog | Crontab
On 26/05/2012 12:02, Jos Chrispijn wrote: > I have this issue with bzip2 and the generation of backup logfiles. > This is the error I get: > > --- cut --- > > bzip2: I/O or other error, bailing out. Possible reason follows. > bzip2: No such file or directory > Input file = /var/log/all.log.0, output file = /var/log/all.log.0.bz2 > newsyslog: `bzip2 -f /var/log/all.log.0' terminated with a non-zero > status (1) > bzip2: Can't open input file /var/log/maillog.0: No such file or directory. > newsyslog: `bzip2 -f /var/log/maillog.0' terminated with a non-zero > status (1) > > --- cut --- > > Can you tell me what goes wrong here and how to solve this? The underlying problem seems to be problems writing to /var/log. Is the partition (/var probably) full up or out of inodes? df -ih /var/log Also, look at the console to see if anything has been logged there. If it isn't running out of space, then check that the directory hasn't got weird flags settings: ls -laoR /var/log Having something like noschg set on the directory would cause the observed symptoms, but I am at a loss to understand how on earth anything like that could come about. There are a couple of other things it might be, but it's quite unlikely you wouldn't get crashes, coredumps and other signs of the end-times should any of those be the case. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
NewSysLog | Crontab
Dear list, I have this issue with bzip2 and the generation of backup logfiles. This is the error I get: --- cut --- bzip2: I/O or other error, bailing out. Possible reason follows. bzip2: No such file or directory Input file = /var/log/all.log.0, output file = /var/log/all.log.0.bz2 newsyslog: `bzip2 -f /var/log/all.log.0' terminated with a non-zero status (1) bzip2: Can't open input file /var/log/maillog.0: No such file or directory. newsyslog: `bzip2 -f /var/log/maillog.0' terminated with a non-zero status (1) --- cut --- Can you tell me what goes wrong here and how to solve this? thanks in advance, Jos Chrispijn ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
NewSysLog | Crontab
Dear list, I have this issue with bzip2 and the generation of backup logfiles. This is the error I get: --- cut --- bzip2: I/O or other error, bailing out. Possible reason follows. bzip2: No such file or directory Input file = /var/log/all.log.0, output file = /var/log/all.log.0.bz2 newsyslog: `bzip2 -f /var/log/all.log.0' terminated with a non-zero status (1) bzip2: Can't open input file /var/log/maillog.0: No such file or directory. newsyslog: `bzip2 -f /var/log/maillog.0' terminated with a non-zero status (1) --- cut --- Can you tell me what goes wrong here and how to solve this? thanks in advance, Jos Chrispijn ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Newsyslog | Cronjob faulty?
In freebsd-questions Digest, Vol 415, Issue 4, Message: 12 On Wed, 16 May 2012 21:44:53 +0200 Jos Chrispijn wrote: > At midnight (00.00) I run this cronjob from my crontab: > > Crontab: > 00 * * * * root newsyslog By 'my' crontab, do you mean the system crontab, /etc/crontab ? If so, that's nearly but not quite the default syntax of: #minute hourmdaymonth wdaywho command # Rotate log files every hour, if necessary. 0 * * * * rootnewsyslog Note the single '0'. I don't know if '00' is valid. And it doesn't mean 'at midnight', it means whenever the minute is 0, any hour, any day, any month, any weekday; ie newsyslog is run hourly, on the hour. And the default entry in /etc/newsyslog.conf for maillog is: /var/log/maillog640 7 *@T00 JC So it's newsyslog using newsyslog.conf(5) that creates maillog if it doesn't yet exist, rotates it to maillog.0 at midnight (T00), thereafter compressing it with bzip2 (J). > For some reason this goes wrong; (if I run 'newsyslog' on any other > time, there is no error message). > > bzip2: Can't open input file /var/log/maillog.0: No such file or directory. > newsyslog: `bzip2 -f /var/log/maillog.0' terminated with a non-zero > status (1) > > /var/log: > -rw-r- 1 rootwheel 63162 May 16 21:20 maillog > -rw-r- 1 rootwheel 109 May 16 00:00 maillog.0.bz2 > -rw-r- 1 rootwheel 73674 May 16 00:00 maillog.1 > -rw-r- 1 rootwheel 111 May 15 00:00 maillog.2.bz2 > -rw-r- 1 rootwheel 73050 May 15 00:00 maillog.3 > -rw-r- 1 rootwheel 109 May 14 00:00 maillog.4.bz2 > -rw-r- 1 rootwheel184042 May 14 00:00 maillog.5 > > Can somebody tell me what goes wrong here? Looks likely two instances of newsyslog racing at midnight; one makes maillog.0.bz2 from the just-rolled maillog.0, the other finds maillog.0 has disappeared before getting to run bzip2 on it? So, two files per day, and the above message? > On my other FreeBSD server the same cronjob goes ok... Check /etc/crontab and /etc/newsyslog.conf on both, and make sure you're not also trying to run a user crontab for root, apart from /etc/crontab? cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Newsyslog | Cronjob faulty?
At midnight (00.00) I run this cronjob from my crontab: Crontab: 00 * * * * rootnewsyslog For some reason this goes wrong; (if I run 'newsyslog' on any other time, there is no error message). bzip2: Can't open input file /var/log/maillog.0: No such file or directory. newsyslog: `bzip2 -f /var/log/maillog.0' terminated with a non-zero status (1) /var/log: -rw-r- 1 rootwheel 63162 May 16 21:20 maillog -rw-r- 1 rootwheel 109 May 16 00:00 maillog.0.bz2 -rw-r- 1 rootwheel 73674 May 16 00:00 maillog.1 -rw-r- 1 rootwheel 111 May 15 00:00 maillog.2.bz2 -rw-r- 1 rootwheel 73050 May 15 00:00 maillog.3 -rw-r- 1 rootwheel 109 May 14 00:00 maillog.4.bz2 -rw-r- 1 rootwheel184042 May 14 00:00 maillog.5 Can somebody tell me what goes wrong here? On my other FreeBSD server the same cronjob goes ok... thanks, Jos Chrispijn ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: newsyslog-local.conf
On 20/02/2012 17:52, alexus wrote: > what else I can do then? Wait until tomorrow and see what happens. > i don't need syslogd.. > > this is vm, it runs nothing but squid, squid generates its own > logging, so no reason to run syslogd Well, it's up to you, but syslogd logs a lot more than the output of one application. Even if the machine is intended to run squid as its only core function, there's still a lot of other data of interest from other parts of the system. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: newsyslog-local.conf
what else I can do then? i don't need syslogd.. this is vm, it runs nothing but squid, squid generates its own logging, so no reason to run syslogd On Mon, Feb 20, 2012 at 12:47 PM, Matthew Seaman wrote: > On 20/02/2012 17:29, alexus wrote: >> /var/log/squid/access.log <7J>: --> will trim at Tue Feb 21 00:00:00 2012 >> /var/log/squid/cache.log <7J>: --> will trim at Tue Feb 21 00:00:00 2012 > > OK -- this looks fine. It should cycle the log files overnight. > > Presumably you first setup the cycling of the squid logfiles yesterday > and your post was prompted by the logs not being recycled last night? > (Yes, that's insultingly obvious, but worth eliminating as a possibility.) > >> Signal all daemon process(es)... >> sleep 10 >> s# >> >> one thing that I noticed: >> newsyslog: pid file doesn't exist: /var/run/syslog.pid >> >> s# grep ^syslogd /etc/rc.conf >> syslogd_enable="NO" >> s# >> >> does syslogd has be run for newsyslog to operate? > > No, syslogd doesn't /need/ to be running, but newsyslog assumes that a > logfile is generated by syslogd unless configured otherwise -- ie. to > signal the pid of a different process. You'll get errors like you've > seen if syslogd isn't running, but they should be innocuous. > > Mind you, not running syslogd is a pretty unusual management decision; > I'd turn it on if I were you, as it's the first recourse whenever > anything goes wrong. > > Cheers, > > Matthew > > -- > Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard > Flat 3 > PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate > JID: matt...@infracaninophile.co.uk Kent, CT11 9PW > -- http://alexus.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: newsyslog-local.conf
On 20/02/2012 17:29, alexus wrote: > /var/log/squid/access.log <7J>: --> will trim at Tue Feb 21 00:00:00 2012 > /var/log/squid/cache.log <7J>: --> will trim at Tue Feb 21 00:00:00 2012 OK -- this looks fine. It should cycle the log files overnight. Presumably you first setup the cycling of the squid logfiles yesterday and your post was prompted by the logs not being recycled last night? (Yes, that's insultingly obvious, but worth eliminating as a possibility.) > Signal all daemon process(es)... > sleep 10 > s# > > one thing that I noticed: > newsyslog: pid file doesn't exist: /var/run/syslog.pid > > s# grep ^syslogd /etc/rc.conf > syslogd_enable="NO" > s# > > does syslogd has be run for newsyslog to operate? No, syslogd doesn't /need/ to be running, but newsyslog assumes that a logfile is generated by syslogd unless configured otherwise -- ie. to signal the pid of a different process. You'll get errors like you've seen if syslogd isn't running, but they should be innocuous. Mind you, not running syslogd is a pretty unusual management decision; I'd turn it on if I were you, as it's the first recourse whenever anything goes wrong. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: newsyslog-local.conf
s# newsyslog -n -v Processing /etc/newsyslog.conf Found: /etc/newsyslog-local.conf Processing /etc/newsyslog-local.conf /var/log/all.log <7J>: does not exist, skipped. /var/log/amd.log <7J>: does not exist, skipped. /var/log/auth.log <7J>: size (Kb): 4 [100] --> skipping /var/log/console.log <5J>: does not exist, skipped. /var/log/cron <3J>: size (Kb): 44 [100] --> skipping /var/log/daily.log <7J>: does not exist, skipped. /var/log/debug.log <7J>: size (Kb): 4 [100] --> skipping /var/log/kerberos.log <7J>: does not exist, skipped. /var/log/lpd-errs <7J>: size (Kb): 4 [100] --> skipping /var/log/maillog <7J>: --> will trim at Tue Feb 21 00:00:00 2012 /var/log/messages <5J>: size (Kb): 24 [100] --> skipping /var/log/monthly.log <12J>: does not exist, skipped. /var/log/pflog <3J>: does not exist, skipped. /var/log/ppp.log <3J>: size (Kb): 4 [100] --> skipping /var/log/security <10J>: size (Kb): 4 [100] --> skipping /var/log/sendmail.st <10>: age (hr): 439 [168] --> trimming log rm -f /var/log/sendmail.st.10 rm -f /var/log/sendmail.st.10.gz rm -f /var/log/sendmail.st.10.bz2 rm -f /var/log/sendmail.st.10.xz rm -f /var/log/sendmail.st.9 rm -f /var/log/sendmail.st.9.gz rm -f /var/log/sendmail.st.9.bz2 rm -f /var/log/sendmail.st.9.xz mv /var/log/sendmail.st.3 /var/log/sendmail.st.4 chmod 640 /var/log/sendmail.st.4 mv /var/log/sendmail.st.2 /var/log/sendmail.st.3 chmod 640 /var/log/sendmail.st.3 mv /var/log/sendmail.st.1 /var/log/sendmail.st.2 chmod 640 /var/log/sendmail.st.2 mv /var/log/sendmail.st.0 /var/log/sendmail.st.1 chmod 640 /var/log/sendmail.st.1 ln /var/log/sendmail.st /var/log/sendmail.st.0 chmod 640 /var/log/sendmail.st.0 Start new log... mktemp /var/log/sendmail.st.zXX chmod 640 /var/log/sendmail.st.zXX mv /var/log/sendmail.st.zXX /var/log/sendmail.st newsyslog: pid file doesn't exist: /var/run/syslog.pid /var/log/utx.log <3>: --> will trim at Thu Mar 1 05:00:00 2012 /var/log/weekly.log <5J>: does not exist, skipped. /var/log/xferlog <7J>: size (Kb): 4 [100] --> skipping /var/log/squid/access.log <7J>: --> will trim at Tue Feb 21 00:00:00 2012 /var/log/squid/cache.log <7J>: --> will trim at Tue Feb 21 00:00:00 2012 Signal all daemon process(es)... sleep 10 s# one thing that I noticed: newsyslog: pid file doesn't exist: /var/run/syslog.pid s# grep ^syslogd /etc/rc.conf syslogd_enable="NO" s# does syslogd has be run for newsyslog to operate? On Mon, Feb 20, 2012 at 12:24 PM, Matthew Seaman wrote: > On 20/02/2012 17:04, alexus wrote: >> s# tail -1 /etc/newsyslog.conf >> /etc/newsyslog-local.conf >> s# cat /etc/newsyslog-local.conf >> /var/log/squid/access.log squid:squid 640 7 * @T00 J >> /var/run/squid/squid.pid >> /var/log/squid/cache.log squid:squid 640 7 * @T00 J >> s# ls -la /var/log/squid/ >> total 95672 >> drwxr-x--- 2 squid squid 512 Jan 13 04:23 . >> drwxr-xr-x 3 root wheel 1024 Feb 6 00:00 .. >> -rw-r- 1 squid squid 97804783 Feb 20 16:32 access.log >> -rw-r- 1 squid squid 111481 Feb 20 16:29 cache.log >> s# >> >> nothing gets rotated:( what am I doing wrong? >> > > Hmmm... nothing leaps out at me as obviously wrong. > > What does running 'newsyslog -n -v' tell you? > > Cheers, > > Matthew > > -- > Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard > Flat 3 > PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate > JID: matt...@infracaninophile.co.uk Kent, CT11 9PW > -- http://alexus.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: newsyslog-local.conf
On 20/02/2012 17:04, alexus wrote: > s# tail -1 /etc/newsyslog.conf > /etc/newsyslog-local.conf > s# cat /etc/newsyslog-local.conf > /var/log/squid/access.log squid:squid 640 7 *@T00 J > /var/run/squid/squid.pid > /var/log/squid/cache.log squid:squid 640 7 *@T00 J > s# ls -la /var/log/squid/ > total 95672 > drwxr-x--- 2 squid squid 512 Jan 13 04:23 . > drwxr-xr-x 3 root wheel 1024 Feb 6 00:00 .. > -rw-r- 1 squid squid 97804783 Feb 20 16:32 access.log > -rw-r- 1 squid squid111481 Feb 20 16:29 cache.log > s# > > nothing gets rotated:( what am I doing wrong? > Hmmm... nothing leaps out at me as obviously wrong. What does running 'newsyslog -n -v' tell you? Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
newsyslog-local.conf
s# tail -1 /etc/newsyslog.conf /etc/newsyslog-local.conf s# cat /etc/newsyslog-local.conf /var/log/squid/access.log squid:squid 640 7 *@T00 J /var/run/squid/squid.pid /var/log/squid/cache.logsquid:squid 640 7 *@T00 J s# ls -la /var/log/squid/ total 95672 drwxr-x--- 2 squid squid 512 Jan 13 04:23 . drwxr-xr-x 3 root wheel 1024 Feb 6 00:00 .. -rw-r- 1 squid squid 97804783 Feb 20 16:32 access.log -rw-r- 1 squid squid111481 Feb 20 16:29 cache.log s# nothing gets rotated:( what am I doing wrong? -- http://alexus.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: newsyslog not reading /ect/rc.conf arguments?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul Hoffman wrote: > At 6:14 PM +0300 5/5/10, Giorgos Keramidas wrote: >> How did you start newsyslog? There's an rc.d script that should *read* >> the flags from rc.conf: >> >>/etc/rc.d/newsyslog start > > Yes, exactly. I did '/etc/rc.d/newsyslog stop', then '/etc/rc.d/newsyslog > start'. > > > At 11:14 AM -0400 5/5/10, Greg Larkin wrote: >> newsyslog is invoked at boot time by the /etc/rc.d/newsyslog script to >> create missing log files, but after that, it's invoked regularly by cron >> to do the actual rotations. Check the /etc/crontab file and add your >> flags there, and you should be all set. > > Thanks, I see that now. > > This seems like a broken model: intial boot and later restarts uses arguments > from /etc/rc.conf, > but the periodic call does not. I don't think we want people modifying > /etc/crontab, do we? > Shouldn't /etc/crontab be calling '/etc/rc.d/newsyslog restart' instead? > > --Paul Hoffman Hi Paul, The problem here is that the /etc/rc.d/newsyslog script is used to initialize the system at boot time with missing log files specified by /etc/newsyslog.conf and not do any log rotation. The arguments passed to that invocation of newsyslog are (by default): - -C If specified once, then newsyslog will create any log files which do not exist, and which have the C flag specified in their config file entry. If specified multiple times, then newsyslog will create all log files which do not already exist. If log files are given on the command-line, then the -C or -CC will only apply to those specific log files. - -N Do not perform any rotations. This option is intended to be used with the -C or -CC options when creating log files is the only objective. Because -N is not used under normal circumstances, but should be used at boot time, you would need two different specifications for newsyslog flags in /etc/rc.conf, one for boot time and one for invocation from cron. That would complicate the rc system somewhat, so I would lean toward simply adding your preferred arguments to the crontab file. I modify the system crontab file on my machines, and I don't think there's a big problem doing that. Regards, Greg - -- Greg Larkin http://www.FreeBSD.org/ - The Power To Serve http://www.sourcehosting.net/ - Ready. Set. Code. http://twitter.com/sourcehosting/ - Follow me, follow you -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFL4b4w0sRouByUApARArxgAJ4gvUbJK69ApZ9tr1LNE1fWd20fjgCfc4db qyR2z9wgv53vIAYGQ+2u0HU= =8qby -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: newsyslog not reading /ect/rc.conf arguments?
At 6:14 PM +0300 5/5/10, Giorgos Keramidas wrote: >How did you start newsyslog? There's an rc.d script that should *read* >the flags from rc.conf: > >/etc/rc.d/newsyslog start Yes, exactly. I did '/etc/rc.d/newsyslog stop', then '/etc/rc.d/newsyslog start'. At 11:14 AM -0400 5/5/10, Greg Larkin wrote: >newsyslog is invoked at boot time by the /etc/rc.d/newsyslog script to >create missing log files, but after that, it's invoked regularly by cron >to do the actual rotations. Check the /etc/crontab file and add your >flags there, and you should be all set. Thanks, I see that now. This seems like a broken model: intial boot and later restarts uses arguments from /etc/rc.conf, but the periodic call does not. I don't think we want people modifying /etc/crontab, do we? Shouldn't /etc/crontab be calling '/etc/rc.d/newsyslog restart' instead? --Paul Hoffman ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: newsyslog not reading /ect/rc.conf arguments?
On Wed, 5 May 2010 08:01:26 -0700, Paul Hoffman wrote: > Greetings again. Running FreeBSD 8.0, I have added the following to > /etc/rc.conf: > > newsyslog_flags="-a /usr/old-log/" > > I have stopped and started newsyslog. However, the rotated logs are > still being written into /var/log. No errors appear in > /var/log/messages or in dmesg. How did you start newsyslog? There's an rc.d script that should *read* the flags from rc.conf: /etc/rc.d/newsyslog start ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: newsyslog not reading /ect/rc.conf arguments?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul Hoffman wrote: > Greetings again. Running FreeBSD 8.0, I have added the following to > /etc/rc.conf: > newsyslog_flags="-a /usr/old-log/" > I have stopped and started newsyslog. However, the rotated logs are still > being written into /var/log. No errors appear in /var/log/messages or in > dmesg. > > Any clues? > > --Paul Hoffman Hi Paul, newsyslog is invoked at boot time by the /etc/rc.d/newsyslog script to create missing log files, but after that, it's invoked regularly by cron to do the actual rotations. Check the /etc/crontab file and add your flags there, and you should be all set. Hope that helps, Greg - -- Greg Larkin http://www.FreeBSD.org/ - The Power To Serve http://www.sourcehosting.net/ - Ready. Set. Code. http://twitter.com/sourcehosting/ - Follow me, follow you -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFL4Ys+0sRouByUApARAoYwAJ9VjG0SH6fOmlil+kvJtadlg+VX3QCgl7aq 7be/1LJn4coaeF12O9G49Vc= =0zhA -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
newsyslog not reading /ect/rc.conf arguments?
Greetings again. Running FreeBSD 8.0, I have added the following to /etc/rc.conf: newsyslog_flags="-a /usr/old-log/" I have stopped and started newsyslog. However, the rotated logs are still being written into /var/log. No errors appear in /var/log/messages or in dmesg. Any clues? --Paul Hoffman ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Log rotation / newsyslog / apache not reloaded
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 15/04/2010 11:08:14, Zbigniew Szalbot wrote: > On 15 Apr 2010 at 8:30, Zbigniew Szalbot wrote: > >> Hello, >> >> I have the following lines in my /etc/newsyslog.conf >> >> /var/log/*-access.log 644 30*@T00 JCG >> /var/log/*-error.log644 30*@T00 JCG > > I added /var/run/httpd.pid at the end of both lines and will see if > that helps. I use this: /var/log/httpd-access.log 644 3 100 * J /var/run/httpd.pid 30 /var/log/httpd-error.log 644 3 100 * J /var/run/httpd.pid 30 Signal 30 (SIGUSR1) causes Apache to do a graceful restart which is less disruptive for anyone using the web site, but it can result in a few log records being lost during the restart. If you're going to be running a busy website, then it's better to use rotatelogs(1) (comes with apache) or cronolog(1) (in ports) to cycle the log files. Neither of those handles compressing or deleteing old log files, but a trivial cron job will deal with that. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvG6vkACgkQ8Mjk52CukIw4UgCfaMG9vpDTeMAvhCQ+MaBlgTEh EbMAmgOI246i1nFgb7EuM6qVBbXqGVC8 =Tama -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Log rotation / newsyslog / apache not reloaded
On 2010-04-15 12:08, Zbigniew Szalbot wrote: > On 15 Apr 2010 at 8:30, Zbigniew Szalbot wrote: > >> Hello, >> >> I have the following lines in my /etc/newsyslog.conf >> >> /var/log/*-access.log 644 30*@T00 JCG >> /var/log/*-error.log644 30*@T00 JCG > > I added /var/run/httpd.pid at the end of both lines and will see if > that helps. > > Zbigniew Szalbot > Alternatively you can use sysutils/cronolog which will eliminate the need to restart Apache entirely. Apache's configuration file allows you to pipe your logs to sysutils/cronolog (or any other external program) which in turn can be configured to split the logs almost any way you like. This is very convenient, especially if you run many vhosts which normally will turn nywsyslog.conf into a mess. The man page explains it in detail. http://cronolog.org/download/cronolog.pdf Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Log rotation / newsyslog / apache not reloaded
On 15 Apr 2010 at 8:30, Zbigniew Szalbot wrote: > Hello, > > I have the following lines in my /etc/newsyslog.conf > > /var/log/*-access.log 644 30*@T00 JCG > /var/log/*-error.log644 30*@T00 JCG I added /var/run/httpd.pid at the end of both lines and will see if that helps. Zbigniew Szalbot ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Log rotation / newsyslog / apache not reloaded
Hello, I have the following lines in my /etc/newsyslog.conf /var/log/*-access.log 644 30*@T00 JCG /var/log/*-error.log644 30*@T00 JCG Man newsyslog.conf says: If this field (signal_number) is not present, then a SIGHUP signal will be sent. My problem is that while the apache logs are rotated as specified in the newsyslog.conf file, the apache server is not reloaded which causes it to write log entries to the now compressed files. Which flag should I specify to make sure apache is reloaded during log rotation? Thank you very much in advance! Zbigniew Szalbot ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Newsyslog mode on /var/log/security?
On Monday 30 March 2009 08:48:34 Garance A Drosehn wrote: > Well, I should probably change newsyslog to "do something different" > (he says vaguely) when the same file is specified multiple times. warnx() would be nice ;). -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Newsyslog mode on /var/log/security?
At 8:08 AM +0200 3/30/09, Roger Olofsson wrote: Garance A Drosehn skrev: At 10:48 PM +0200 3/29/09, Roger Olofsson wrote: I seem to have forgotten something about /var/log/security and newsyslog.conf. I get wrong mode after the trim. Excerpt from /etc/newsyslog.conf: /var/log/security 644 7 5000 * JC Are you sure that's the only line you have for /var/log/security in your /etc/newsyslog.conf file? The distributed config file has: /var/log/security600 10 100* JC Obviously you have a different entry from that, but did you remove the original entry? Hi Garance, You are correct! I missed the original line. Silly me :^D Well, I should probably change newsyslog to "do something different" (he says vaguely) when the same file is specified multiple times. Thank you very much! You're welcome. -- Garance Alistair Drosehn = dros...@rpi.edu Senior Systems Programmer or g...@freebsd.org Rensselaer Polytechnic Institute; Troy, NY; USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Newsyslog mode on /var/log/security?
Garance A Drosehn skrev: At 10:48 PM +0200 3/29/09, Roger Olofsson wrote: Dear mailing list, I seem to have forgotten something about /var/log/security and newsyslog.conf. I get wrong mode after the trim. Excerpt from /etc/newsyslog.conf: /var/log/security 644 7 5000 * JC Are you sure that's the only line you have for /var/log/security in your /etc/newsyslog.conf file? The distributed config file has: /var/log/security600 10 100* JC Obviously you have a different entry from that, but did you remove the original entry? Output from newsyslog -vn: chmod 600 /var/log/security.0.bz2 Why is the mode not 644? /etc/rc.d/syslogd restart and newsyslog restart have been performed. I tried changing the permissions-field in my newsyslog.conf from 600 to 644, and newsyslog worked correctly for me. Hi Garance, You are correct! I missed the original line. Silly me :^D Thank you very much! /R ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Newsyslog mode on /var/log/security?
At 10:48 PM +0200 3/29/09, Roger Olofsson wrote: Dear mailing list, I seem to have forgotten something about /var/log/security and newsyslog.conf. I get wrong mode after the trim. Excerpt from /etc/newsyslog.conf: /var/log/security 644 7 5000 * JC Are you sure that's the only line you have for /var/log/security in your /etc/newsyslog.conf file? The distributed config file has: /var/log/security 600 10100 * JC Obviously you have a different entry from that, but did you remove the original entry? Output from newsyslog -vn: chmod 600 /var/log/security.0.bz2 Why is the mode not 644? /etc/rc.d/syslogd restart and newsyslog restart have been performed. I tried changing the permissions-field in my newsyslog.conf from 600 to 644, and newsyslog worked correctly for me. -- Garance Alistair Drosehn = dros...@rpi.edu Senior Systems Programmer or g...@freebsd.org Rensselaer Polytechnic Institute; Troy, NY; USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Newsyslog mode on /var/log/security?
Dear mailing list, I seem to have forgotten something about /var/log/security and newsyslog.conf. I get wrong mode after the trim. Excerpt from /etc/newsyslog.conf: /var/log/security 644 7 5000 * JC Output from newsyslog -vn: chmod 600 /var/log/security.0.bz2 Why is the mode not 644? /etc/rc.d/syslogd restart and newsyslog restart have been performed. /R ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: newsyslog naming scheme could be improved?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Walt Pawley wrote: | At 9:33 AM -0700 10/11/08, Kelly Jones wrote: |> newsyslog rotates logfiles so that messages.0.gz is yesterday's file, |> messages.1.gz is the day before's, etc. |> |> This is ugly. | | IMHO, this is worse than merely ugly. I gave up "rotating" log | files a long time ago when I kept running into problems that | needed extensive time periods worth of log data with which to | resolve issues. I use some modifications to the periodic | scripts to do the log data archiving with time related names. | | Of course, if you're generating megabytes of compressed log | data every day, this is likely impractical but it works well | for systems I normally use. I note that syslog.conf allows you to pipe log messages into some other application. Simply using cronolog (or rotatelogs from one of the Apache ports) would allow you to create date-stamped logfile names pretty easily. Eg. *.* |/usr/local/sbin/cronolog /var/log/all-%Y-%m-%d.log This doesn't provide control of file permissions or compression of old log files, but either of those are relatively simple to fix. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. Flat 3 ~ 7 Priory Courtyard PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate ~ Kent, CT11 9PW, UK -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREDAAYFAkj0TuEACgkQ3jDkPpsZ+VYhMQCfTMJFKWSGWLAOrbQgbZ3HFEWo DWgAoJDLjWy7kSwPxAzmUcXcZW1B1v0m =k4af -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog naming scheme could be improved?
At 9:33 AM -0700 10/11/08, Kelly Jones wrote: >newsyslog rotates logfiles so that messages.0.gz is yesterday's file, >messages.1.gz is the day before's, etc. > >This is ugly. IMHO, this is worse than merely ugly. I gave up "rotating" log files a long time ago when I kept running into problems that needed extensive time periods worth of log data with which to resolve issues. I use some modifications to the periodic scripts to do the log data archiving with time related names. Of course, if you're generating megabytes of compressed log data every day, this is likely impractical but it works well for systems I normally use. -- Walter M. Pawley <[EMAIL PROTECTED]> Wump Research & Company 676 River Bend Road, Roseburg, OR 97471 541-672-8975 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog naming scheme could be improved?
On Sat 2008-10-11 14:58:39 UTC-0400, Garance A Drosehn ([EMAIL PROTECTED]) wrote: > It would be bad to change the default behavior, but there have > been several people who wished for some option for newsyslog > which would make it use some alternate naming scheme. There's > at least one PR about it, for instance. > > It is on my list of things to do, but I've had a long stretch > of time where I have too many things on that list. I wouldn't > go for a naming scheme that's as long as the above suggestion, > though. Perhaps newsyslog could support filenames in strftime(3) format, eg. /var/log/messages.%Y-%m-%d I think the format of newsyslog.conf might need to change to allow that though, breaking compatibility... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog naming scheme could be improved?
At 9:33 AM -0700 10/11/08, Kelly Jones wrote: ...but has anyone considered tweaking newsyslog to name files messages.2008-10-05-12-00-00.gz or something. IE, give them a constant name that doesn't change and then delete them after how many ever days? It would be bad to change the default behavior, but there have been several people who wished for some option for newsyslog which would make it use some alternate naming scheme. There's at least one PR about it, for instance. It is on my list of things to do, but I've had a long stretch of time where I have too many things on that list. I wouldn't go for a naming scheme that's as long as the above suggestion, though. -- Garance Alistair Drosehn = [EMAIL PROTECTED] Senior Systems Programmer or [EMAIL PROTECTED] Rensselaer Polytechnic Institute; Troy, NY; USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog naming scheme could be improved?
On Oct 11, 2008, at 09:46, Jeremy Chadwick wrote: On Sat, Oct 11, 2008 at 09:33:42AM -0700, Kelly Jones wrote: newsyslog rotates logfiles so that messages.0.gz is yesterday's file, messages.1.gz is the day before's, etc. This is ugly. If I tell my fellow sysadmins that I ran this command: zfgrep 'bad thing' /var/log/messages.4.gz and found stuff, they may run it the next day and get different results because the file is now messages.5.gz Is it possible to educate your co-workers into looking at timestamps on files before randomly assuming that EVERYTHING ends up in .4.gz? :-) Surely your co-workers aren't that dense. Or you can have them use zgrep 'bad thing' /var/log/messages.*.gz and tell them "pay close attention to the timestamps shown!!" That might work as a better work-around. Improving my cow-orkers intelligence would be the ideal solution, but has anyone considered tweaking newsyslog to name files messages.2008-10-05-12-00-00.gz or something. IE, give them a constant name that doesn't change and then delete them after how many ever days? I'd vote for the following strftime(3) format: "%Y%m%dT%H%M". Otherwise known as: MMDDThhmm Either approach would sure increase the typing when searching for log entries for a specific day. I keep 30 days of maillogs and reasonably frequently have to search them for a specific day a week or 2 ago. Given that I usually run about 5 searches to find all the relevant entries, that would sure add to the typing. Also, I have no immediate idea how newsyslog would be able to still retain 30 backups. The dates on the files are not necessarily accurate. They can get changed easily. Searching with maillog.* is a horrible waste of computer and people time. Puts a real load on the mail server and I wait for quite awhile. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog naming scheme could be improved?
On Sat, Oct 11, 2008 at 09:33:42AM -0700, Kelly Jones wrote: > newsyslog rotates logfiles so that messages.0.gz is yesterday's file, > messages.1.gz is the day before's, etc. > > This is ugly. If I tell my fellow sysadmins that I ran this command: > > zfgrep 'bad thing' /var/log/messages.4.gz > > and found stuff, they may run it the next day and get different > results because the file is now messages.5.gz Is it possible to educate your co-workers into looking at timestamps on files before randomly assuming that EVERYTHING ends up in .4.gz? :-) Surely your co-workers aren't that dense. Or you can have them use zgrep 'bad thing' /var/log/messages.*.gz and tell them "pay close attention to the timestamps shown!!" That might work as a better work-around. > Improving my cow-orkers intelligence would be the ideal solution, but > has anyone considered tweaking newsyslog to name files > messages.2008-10-05-12-00-00.gz or something. IE, give them a constant > name that doesn't change and then delete them after how many ever > days? I'd vote for the following strftime(3) format: "%Y%m%dT%H%M". Otherwise known as: MMDDThhmm = Year (4-digit) MM = Month (01 to 12) DD = Day (01 to 31) T = Literal ASCII string "T" hh = Hour (24-hour time, e.g. 00 to 23) mm = Minute (00 to 59) The "T" aspect is optional, but it's what we use at my workplace, and makes recognising the hour-minute portion easier. I don't think we need second-level granularity on this stuff; even minute granularity is questionable (because not all logs will get rotated at exactly 00 minutes; they might take 20 minutes to compress based on system load, etc...), since you'd have inconsistencies in the filenames, e.g.: messages.20081005T.gz messages.20081006T0001.gz messages.20081007T0001.gz messages.20081008T.gz messages.20081009T0002.gz And so on. Food for thought. -- | Jeremy Chadwickjdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
newsyslog naming scheme could be improved?
newsyslog rotates logfiles so that messages.0.gz is yesterday's file, messages.1.gz is the day before's, etc. This is ugly. If I tell my fellow sysadmins that I ran this command: zfgrep 'bad thing' /var/log/messages.4.gz and found stuff, they may run it the next day and get different results because the file is now messages.5.gz Improving my cow-orkers intelligence would be the ideal solution, but has anyone considered tweaking newsyslog to name files messages.2008-10-05-12-00-00.gz or something. IE, give them a constant name that doesn't change and then delete them after how many ever days? -- We're just a Bunch Of Regular Guys, a collective group that's trying to understand and assimilate technology. We feel that resistance to new ideas and technology is unwise and ultimately futile. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog and apache
On Fri, 03 Oct 2008 10:08:52 +0200 "DA Forsyth" <[EMAIL PROTECTED]> wrote: > On 2 Oct 2008 , [EMAIL PROTECTED] entreated about > "freebsd-questions Digest, Vol 235, Issue 11": I'm replying to the digest too, so threading is doubly screwed :) > > No need to change log rotation software since the problem clearly is > > somewhere else. You need to inspect Apache's error logs to see why it > > cannot start. > > the previous error log shows > [Wed Oct 01 08:00:03 2008] [notice] Graceful restart requested, doing > restart > [Wed Oct 01 08:00:04 2008] [notice] seg fault or similar nasty error > detected in the parent process This is what you need to find and fix. Most likely a config error of some sort .. possibly re some module - php extensions order, maybe? What does 'apachectl configtest' have to say? > the new error log shows, after the manual start > [Wed Oct 01 08:39:09 2008] [warn] pid file /var/run/httpd.pid > overwritten -- Unclean shutdown of previous Apache run? > [Wed Oct 01 08:39:09 2008] [notice] Apache/2.0.63 (FreeBSD) PHP/4.4.9 > with Suhosin-Patch DAV/2 SVN/1.5.2 configured -- resuming normal > operations > > those error messages are repeated any time I do a >apachectl graceful > > However, doing >apachectl stop >apachectlstart > works as expected. See apachectl(8) .. apachectl graceful sends httpd a SIGUSR1, as does your previously mentioned newsyslog line, which shuts apache down but without murdering existing connections, while apachectl restart does. However both graceful and restart run configttest before restarting, and it seems likely that's where/why it's bombing. OTOH, apachectl start doesn't run configtest, maybe explaining why it starts up ok that way? > apache version is apache-2.0.63_2 from ports > uname -a gives > FreeBSD iwr.ru.ac.za 7.0-RELEASE-p1 FreeBSD 7.0-RELEASE-p1 #2: Mon > Jun 2 13:10:26 SAST 2008 > iwr.ru.ac.za:/usr/obj/usr/src/sys/KERNIWR70 i386 Here running apache 1.3 on 5.5-STABLE, but I doubt the apachectl functionality has changed significantly, though I may be wrong .. > php v4 is installed, though i do plan to upgrade that to V5 as soon > as I get time to do it. Good idea, especially if PHP is related to your apparent config issue. > PS: I used to use logrotate, but it too stopped working correctly, > with apache process stopping in a similar way that is why I changed > to newsyslog. I rotate the logs monthly, and set it to 8am so there > is a chance I'll be on hand to start apache to minimize downtime. Theoretically if it survives an apachectl configtest, you should be good to go - and if it doesn't, neither method will restart apache. cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog and apache
On 2 Oct 2008 , [EMAIL PROTECTED] entreated about "freebsd-questions Digest, Vol 235, Issue 11": > No need to change log rotation software since the problem clearly is > somewhere else. You need to inspect Apache's error logs to see why it > cannot start. > the previous error log shows [Wed Oct 01 08:00:03 2008] [notice] Graceful restart requested, doing restart [Wed Oct 01 08:00:04 2008] [notice] seg fault or similar nasty error detected in the parent process the new error log shows, after the manual start [Wed Oct 01 08:39:09 2008] [warn] pid file /var/run/httpd.pid overwritten -- Unclean shutdown of previous Apache run? [Wed Oct 01 08:39:09 2008] [notice] Apache/2.0.63 (FreeBSD) PHP/4.4.9 with Suhosin-Patch DAV/2 SVN/1.5.2 configured -- resuming normal operations those error messages are repeated any time I do a apachectl graceful However, doing apachectl stop apachectlstart works as expected. apache version is apache-2.0.63_2 from ports uname -a gives FreeBSD iwr.ru.ac.za 7.0-RELEASE-p1 FreeBSD 7.0-RELEASE-p1 #2: Mon Jun 2 13:10:26 SAST 2008 iwr.ru.ac.za:/usr/obj/usr/src/sys/KERNIWR70 i386 php v4 is installed, though i do plan to upgrade that to V5 as soon as I get time to do it. PS: I used to use logrotate, but it too stopped working correctly, with apache process stopping in a similar way that is why I changed to newsyslog. I rotate the logs monthly, and set it to 8am so there is a chance I'll be on hand to start apache to minimize downtime. -- DA Fo rsythNetwork Supervisor Principal Technical Officer -- Institute for Water Research http://www.ru.ac.za/institutes/iwr/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog and apache
2008/10/2 Jerry <[EMAIL PROTECTED]>: > On Thu, 2 Oct 2008 14:51:26 +0200 > "Zbigniew Szalbot" <[EMAIL PROTECTED]> wrote: > >>No need to change log rotation software since the problem clearly is >>somewhere else. You need to inspect Apache's error logs to see why it >>cannot start. > > All the information on getting it working correctly is located here: > > http://httpd.apache.org/docs/1.3/logs.html#rotation But he clearly stated: "I alos see that 'apachectl restart' stops apache but it doesn't restart." So I guess first thing is to check why apachectl does not restart the server. -- Zbigniew Szalbot ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog and apache
On Thu, 2 Oct 2008 14:51:26 +0200 "Zbigniew Szalbot" <[EMAIL PROTECTED]> wrote: >No need to change log rotation software since the problem clearly is >somewhere else. You need to inspect Apache's error logs to see why it >cannot start. All the information on getting it working correctly is located here: http://httpd.apache.org/docs/1.3/logs.html#rotation -- Jerry [EMAIL PROTECTED] "Surely you can't be serious." "I am serious, and don't call me Shirley." signature.asc Description: PGP signature
Re: newsyslog and apache
Hello, 2008/10/2 Jerry <[EMAIL PROTECTED]>: > On Thu, 02 Oct 2008 14:20:50 +0200 > "DA Forsyth" <[EMAIL PROTECTED]> wrote: > >>I used to have one big apache log file, but decided to rotate it once >>a month using newsyslog. >> >>However, now apache stops and does not restart when the log is >>rotated. >> >>line from newsyslog.conf >>/var/log/apache/httpd-access.log640 13 *$M1D8 B >> /var/run/httpd.pid 30 >> >>with a similar one for the error log. >> >>I have to manually start apache after this rotates the log. >> >>I alos see that 'apachectl restart' stops apache but it doesn't >>restart. >> >>any ideas? > > > I use 'rotatelogs': No need to change log rotation software since the problem clearly is somewhere else. You need to inspect Apache's error logs to see why it cannot start. -- Zbigniew Szalbot ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog and apache
On Thu, 02 Oct 2008 14:20:50 +0200 "DA Forsyth" <[EMAIL PROTECTED]> wrote: >I used to have one big apache log file, but decided to rotate it once >a month using newsyslog. > >However, now apache stops and does not restart when the log is >rotated. > >line from newsyslog.conf >/var/log/apache/httpd-access.log640 13 *$M1D8 B > /var/run/httpd.pid 30 > >with a similar one for the error log. > >I have to manually start apache after this rotates the log. > >I alos see that 'apachectl restart' stops apache but it doesn't >restart. > >any ideas? I use 'rotatelogs': http://httpd.apache.org/docs/2.0/programs/rotatelogs.html to facilitate the rotating of logs. If you need further information, contact me OL. -- Jerry [EMAIL PROTECTED] To see a need and wait to be asked, is to already refuse. signature.asc Description: PGP signature
newsyslog and apache
I used to have one big apache log file, but decided to rotate it once a month using newsyslog. However, now apache stops and does not restart when the log is rotated. line from newsyslog.conf /var/log/apache/httpd-access.log640 13 *$M1D8 B /var/run/httpd.pid 30 with a similar one for the error log. I have to manually start apache after this rotates the log. I alos see that 'apachectl restart' stops apache but it doesn't restart. any ideas? -- DA Fo rsythNetwork Supervisor Principal Technical Officer -- Institute for Water Research http://www.ru.ac.za/institutes/iwr/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog
Just one quick question: do changes to /etc/newsyslog.conf require /usr/bin/killall -HUP syslogd? quick answer: NO. for sure. I commented out one entry for log rotation, however at midnight the log was still rotated by newsyslog as if it had not been commented out. Man newsyslog.conf seems to suggest this is not necessary... check things once again. you missed something. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog
Hello, Daniel Bye: I commented out one entry for log rotation, however at midnight the log was still rotated by newsyslog as if it had not been commented out. Man newsyslog.conf seems to suggest this is not necessary... Odd. I've never encountered this problem. Are you sure you commented out the right file? ;-) Well, I am going to try again tonight but this is what I have in /etc/newsyslog.conf # /var/log/maillog 644 60*@T00 JC I will report to the list if it still rotates the mail file. Thanks! -- Zbigniew Szalbot www.LCWords.com smime.p7s Description: S/MIME Cryptographic Signature
Re: newsyslog
On Mon, Sep 01, 2008 at 01:06:38PM +0200, Zbigniew Szalbot wrote: > Hello, > > Just one quick question: do changes to /etc/newsyslog.conf require > /usr/bin/killall -HUP syslogd? No, newsyslog.conf is the config file for the newsyslog script, which is called from cron every hour (IIRC). newsyslog handles sending signals to syslogd and others depending on the values in the last three fields of the newsyslog.conf file. > > I commented out one entry for log rotation, however at midnight the log > was still rotated by newsyslog as if it had not been commented out. Man > newsyslog.conf seems to suggest this is not necessary... Odd. I've never encountered this problem. Are you sure you commented out the right file? ;-) Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgph2gSbfe7Aa.pgp Description: PGP signature
newsyslog
Hello, Just one quick question: do changes to /etc/newsyslog.conf require /usr/bin/killall -HUP syslogd? I commented out one entry for log rotation, however at midnight the log was still rotated by newsyslog as if it had not been commented out. Man newsyslog.conf seems to suggest this is not necessary... Thanks! -- Zbigniew Szalbot www.LCWords.com smime.p7s Description: S/MIME Cryptographic Signature
mysql log and newsyslog
Hello. I have a problem with mysql logs and newsyslog. I archive mysql log with this in my my.cnf: log=/var/log/mysql My log works fine. However, when newsylog archives the log and create a new log file, mysql doesn't log anymore anything. See my newsyslog.conf: /var/log/mysql mysql:wheel 640 100 *@T23 Z And after 23:00: -rw-r- 1 mysql wheel 62 1 jul 23:00 mysql -rw-r- 1 mysql wheel 213993 1 jul 23:00 mysql.0.gz The old log is archived, the new is created, but mysql doestn't log anymore anything. Any idea to solve this problem? Thanks! -- - Nicolas. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Vsftpd rotate logs with newsyslog...
2008/6/20 David Robillard <[EMAIL PROTECTED]>: > >> Thank u all very much guysi will see if i do a graceful or simply a > >> restart cause i dont think the apache will be getting too many > connections > >> all the timebut that clarifications was quite good Davidand > thank u > >> for the examplethat is always the best way to understand > things...much > >> appreciated... > >> > >> Will try bothjust a question about compression...What i understood > >> from your mail is that as apache takes some time to let his children > close > >> all connections i shouldn zip those logs cause, newsyslog wont wait till > >> apache finishes and probably will xip logs that are still being access > by > >> the children? if htat is the case using a HUP will close all and allow > me to > >> use compresion? > > Yes it would. But if you go this route, you might loose some logs from > the childrens. If you don't run a busy server with lots of hits and > lots of VirtualHosts, then that might not be a problem for you. Like > Ruben said, YMMV. > > IMHO, if the Apache Best Practices and documentation say you should > use USR1 and not compress the logs automatically via newsyslog(8) or > logrotate(8), then that's what I do. > > Of course, you can compress the logs at a later time once the files > have been rotated of course. But with today's disk sizes and SAN > storage, I'd be surprised that a few Apache log files can pose a disk > space problem. > > Think of it another way. If today you run a single very small site, > then you might want be tempted to use HUP and compression simply > because it's easier and, well, it works. Agreed that using USR1 seems > a little more complicated (a little) and might seem like an overkill > setup for a single small site. > > But tomorrow you might end up working for a very large site that runs > a huge number of VirtualHosts with thousands of hits per seconds on a > three-tier web platform that has a cluster of web servers, application > servers and backend databases. If you've learned and used the Best > Practices back in the days when you had your single little web site, > then it won't be a secret to you and you'll be ready to tackle the > demands of a bigger site. Besides, it's not like using USR1 is some > form of arcane black sysadmin magic, right? :) > > If you need more info on this topic, check out the official > documentation (i.e. RTFM ;-) > > Apache 1.3 > http://httpd.apache.org/docs/1.3/stopping.html > > Apache 2.0 > http://httpd.apache.org/docs/2.0/stopping.html > > Apache 2.2 > http://httpd.apache.org/docs/2.2/stopping.html > > > > Sorry guys...got one more doubtWhy do u use B (binary) if apache logs > > are simple text? any particular reason? > > From the newsyslog.conf(5) man page: > > B indicates that the log file is a binary file, or has > some > special format. Usually newsyslog(8) inserts an ASCII > message into a log file during rotation. This message > is > used to indicate when, and sometimes why the log file > was > rotated. If B is specified, then that informational > mes- > sage will not be inserted into the log file. > > Indeed, the Apache logs are ASCII files. I use the B flag in > newsyslog.conf(5) simply because I don't want to have newsyslog(8) to > write anything in the Apache logs. Why? Because it confuses our Apache > log file analyzers. That's all. I mean, I know the reasons why the > logs are rotated and I know that it's newsyslog(8) that did it (I > should know, I'm the one who configured it). So I don't need a > reminder inside the logs about it. Once again, YMMV. > > HTH, > > David > -- > David Robillard > UNIX systems administrator & Oracle DBA > CISSP, RHCE & Sun Certified Security Administrator > Montreal: +1 514 966 0122 > Greatthanks again...I'll be using B and no HUP...i will follow apache's doc and your advice...hehe.. Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Vsftpd rotate logs with newsyslog...
>> Thank u all very much guysi will see if i do a graceful or simply a >> restart cause i dont think the apache will be getting too many connections >> all the timebut that clarifications was quite good Davidand thank u >> for the examplethat is always the best way to understand things...much >> appreciated... >> >> Will try bothjust a question about compression...What i understood >> from your mail is that as apache takes some time to let his children close >> all connections i shouldn zip those logs cause, newsyslog wont wait till >> apache finishes and probably will xip logs that are still being access by >> the children? if htat is the case using a HUP will close all and allow me to >> use compresion? Yes it would. But if you go this route, you might loose some logs from the childrens. If you don't run a busy server with lots of hits and lots of VirtualHosts, then that might not be a problem for you. Like Ruben said, YMMV. IMHO, if the Apache Best Practices and documentation say you should use USR1 and not compress the logs automatically via newsyslog(8) or logrotate(8), then that's what I do. Of course, you can compress the logs at a later time once the files have been rotated of course. But with today's disk sizes and SAN storage, I'd be surprised that a few Apache log files can pose a disk space problem. Think of it another way. If today you run a single very small site, then you might want be tempted to use HUP and compression simply because it's easier and, well, it works. Agreed that using USR1 seems a little more complicated (a little) and might seem like an overkill setup for a single small site. But tomorrow you might end up working for a very large site that runs a huge number of VirtualHosts with thousands of hits per seconds on a three-tier web platform that has a cluster of web servers, application servers and backend databases. If you've learned and used the Best Practices back in the days when you had your single little web site, then it won't be a secret to you and you'll be ready to tackle the demands of a bigger site. Besides, it's not like using USR1 is some form of arcane black sysadmin magic, right? :) If you need more info on this topic, check out the official documentation (i.e. RTFM ;-) Apache 1.3 http://httpd.apache.org/docs/1.3/stopping.html Apache 2.0 http://httpd.apache.org/docs/2.0/stopping.html Apache 2.2 http://httpd.apache.org/docs/2.2/stopping.html > Sorry guys...got one more doubtWhy do u use B (binary) if apache logs > are simple text? any particular reason? >From the newsyslog.conf(5) man page: B indicates that the log file is a binary file, or has some special format. Usually newsyslog(8) inserts an ASCII message into a log file during rotation. This message is used to indicate when, and sometimes why the log file was rotated. If B is specified, then that informational mes- sage will not be inserted into the log file. Indeed, the Apache logs are ASCII files. I use the B flag in newsyslog.conf(5) simply because I don't want to have newsyslog(8) to write anything in the Apache logs. Why? Because it confuses our Apache log file analyzers. That's all. I mean, I know the reasons why the logs are rotated and I know that it's newsyslog(8) that did it (I should know, I'm the one who configured it). So I don't need a reminder inside the logs about it. Once again, YMMV. HTH, David -- David Robillard UNIX systems administrator & Oracle DBA CISSP, RHCE & Sun Certified Security Administrator Montreal: +1 514 966 0122 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Vsftpd rotate logs with newsyslog...
2008/6/20 Agus <[EMAIL PROTECTED]>: > 2008/6/19 David Robillard <[EMAIL PROTECTED]>: > >> > Well yes, this is precisely the reason why we use a SIGHUP (equivalent >> to >> > "apachectl restart") instead of a SIGUSR1 (apachectl graceful). We don't >> > really care about a few broken client connections since the logs are >> rotated >> > at a quiet time. >> > >> > Of course, YMMV. >> >> Yes, of course :) >> >> > regards, >> > Ruben >> >> Cheers, >> >> DA+ >> -- >> David Robillard >> UNIX systems administrator & Oracle DBA >> CISSP, RHCE & Sun Certified Security Administrator >> Montreal: +1 514 966 0122 >> > > > Thank u all very much guysi will see if i do a graceful or simply a > restart cause i dont think the apache will be getting too many connections > all the timebut that clarifications was quite good Davidand thank u > for the examplethat is always the best way to understand things...much > appreciated... > > Will try bothjust a question about compression...What i understood from > your mail is that as apache takes some time to let his children close all > connections i shouldn zip those logs cause, newsyslog wont wait till apache > finishes and probably will xip logs that are still being access by the > children? if htat is the case using a HUP will close all and allow me to use > compresion? > > Cheers, > Agustin > Sorry guys...got one more doubtWhy do u use B (binary) if apache logs are simple text? any particular reason? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Vsftpd rotate logs with newsyslog...
2008/6/19 David Robillard <[EMAIL PROTECTED]>: > > Well yes, this is precisely the reason why we use a SIGHUP (equivalent to > > "apachectl restart") instead of a SIGUSR1 (apachectl graceful). We don't > > really care about a few broken client connections since the logs are > rotated > > at a quiet time. > > > > Of course, YMMV. > > Yes, of course :) > > > regards, > > Ruben > > Cheers, > > DA+ > -- > David Robillard > UNIX systems administrator & Oracle DBA > CISSP, RHCE & Sun Certified Security Administrator > Montreal: +1 514 966 0122 > Thank u all very much guysi will see if i do a graceful or simply a restart cause i dont think the apache will be getting too many connections all the timebut that clarifications was quite good Davidand thank u for the examplethat is always the best way to understand things...much appreciated... Will try bothjust a question about compression...What i understood from your mail is that as apache takes some time to let his children close all connections i shouldn zip those logs cause, newsyslog wont wait till apache finishes and probably will xip logs that are still being access by the children? if htat is the case using a HUP will close all and allow me to use compresion? Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Vsftpd rotate logs with newsyslog...
> Well yes, this is precisely the reason why we use a SIGHUP (equivalent to > "apachectl restart") instead of a SIGUSR1 (apachectl graceful). We don't > really care about a few broken client connections since the logs are rotated > at a quiet time. > > Of course, YMMV. Yes, of course :) > regards, > Ruben Cheers, DA+ -- David Robillard UNIX systems administrator & Oracle DBA CISSP, RHCE & Sun Certified Security Administrator Montreal: +1 514 966 0122 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Vsftpd rotate logs with newsyslog...
On Wed, Jun 18, 2008 at 11:29:13AM -0400, David Robillard typed: > >> Well, i take this opportunity also to ask about Apache toowhich signal > >> should i send? > > > > A HUP signal should work for apache. > > Actually, the Apache documentation says that one must use USR1 instead > of HUP to send a gracefull restart instead of a hangup. > This is to let the children httpd processes some time to finish their > transactions before the master restarts. It is also for this reason > that the logs should not be compressed by newsyslogd. Well yes, this is precisely the reason why we use a SIGHUP (equivalent to "apachectl restart") instead of a SIGUSR1 (apachectl graceful). We don't really care about a few broken client connections since the logs are rotated at a quiet time. Of course, YMMV. regards, Ruben ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Vsftpd rotate logs with newsyslog...
>> Well, i take this opportunity also to ask about Apache toowhich signal >> should i send? > > A HUP signal should work for apache. Actually, the Apache documentation says that one must use USR1 instead of HUP to send a gracefull restart instead of a hangup. This is to let the children httpd processes some time to finish their transactions before the master restarts. It is also for this reason that the logs should not be compressed by newsyslogd. This is what we use in newsyslog.conf(5) for our Apache servers: /var/log/httpd/access.log640 5 1024 * B /var/run/httpd.pid 30 /var/log/httpd/error.log640 5 1024 * B /var/run/httpd.pid 30 /var/log/httpd/ssl.log 640 5 1024 * B /var/run/httpd.pid 30 Of course, your log file names will vary according to your preferences and VirtualHosts. HTH, David -- David Robillard UNIX systems administrator & Oracle DBA CISSP, RHCE & Sun Certified Security Administrator Montreal: +1 514 966 0122 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Vsftpd rotate logs with newsyslog...
>> Well, i take this opportunity also to ask about Apache toowhich signal >> should i send? > > A HUP signal should work for apache. > For Apache you may find useful rotatelogs. It should come with port. Bye Valerio ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Vsftpd rotate logs with newsyslog...
Hi Agustin, On Tue, Jun 17, 2008 at 03:52:55PM -0300, Agus typed: > Hi fellows... > > I am wanting to rotate logs for vsftpd using newsyslog...My question is, > does vsftpd needs to get the HUP or any signal after rotation? > I run it from inetd so i guess the HUP should be sent to inetd.pid right? No, when run from inetd, no HUP is needed. New instances of vsftpd spawned by inetd will automatically log to the new logfile. > Well, i take this opportunity also to ask about Apache toowhich signal > should i send? A HUP signal should work for apache. regards, Ruben ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Vsftpd rotate logs with newsyslog...
Hi fellows... I am wanting to rotate logs for vsftpd using newsyslog...My question is, does vsftpd needs to get the HUP or any signal after rotation? I run it from inetd so i guess the HUP should be sent to inetd.pid right? Well, i take this opportunity also to ask about Apache toowhich signal should i send? Thank guys in advance, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Renaming log files while archiving - newsyslog?
Ewald Jenisch <[EMAIL PROTECTED]> writes: > I want to set up automatic archiving of logfiles and thought about > using the standard "newsyslog" for it. > > My problem though is that during archiving the logs should be renamed > to something like "." so the archived > files should contain the date/time when they have been archived. For > example an original file of "cisco.log" should give > "cisco.07-02-07-23-55-00.log". > > Does anybody out there know if "newsyslog" is capable of this? It isn't. > If not - is there another program that can archive/rename logfiles in > such a way? I'm sure there is, but I don't know any offhand. It's awfully easy to roll your own. You can even let newsyslog do the rotation and rename the files it puts out (using their mtime for your stamp). For example, I run the following on a monthly basis: cd ${HOME}/Mail filename=`date -v-1d '+sentmail.%Y-%m'` mv outgoing-mail archive/$filename It should probably check for an error on the cd command, but basically that's all you need. Be well. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Renaming log files while archiving - newsyslog?
Hi, I want to set up automatic archiving of logfiles and thought about using the standard "newsyslog" for it. My problem though is that during archiving the logs should be renamed to something like "." so the archived files should contain the date/time when they have been archived. For example an original file of "cisco.log" should give "cisco.07-02-07-23-55-00.log". Does anybody out there know if "newsyslog" is capable of this? If not - is there another program that can archive/rename logfiles in such a way? Thanks much in advance for your help, -ewald ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Need to make sure my understanding of newsyslog is correct for a daemon I'm writing
On Fri, Jan 05, 2007 at 12:04:56PM -0700, Andrew Falanga wrote: > > Basically, I'm installing a signal handler for SIGHUP to do the following: > > reset the put pointer to the beginning of the file; > flush any data that may be in the buffer; > close the file; > reopen file; > > > Does this sound correct? Correct if you desire to truncate your own log file. Don't move to the beginning. Just flush any pending data to exactly where you were going to write them in the first place. > 1) copy file x contents to x.0 Not copy, rename. Can rename a file out from under a process that the process will still have the original (renamed) file open. > 2) truncate file x to zero bytes No, it creates a new file of zero bytes with the original name. > 3) send SIGHUP to process id Yes, and now your process has the renamed x.0 open. SIGHUP is asking you to finish up, close, and open the new x file. You have 10 seconds before the optional compression starts. > Is this how newsyslog would truncate the file? Am I missing something? > Should my signal handler function look differently? You could log by the Open-append, Write, Close, method for each entry. Don't ask newyslog to SIGHUP you at all. Much simpler. Extra open/closes probably don't cost anything measurable. Or you could log via syslogd. -- David Kelly N4HHE, [EMAIL PROTECTED] Whom computers would destroy, they must first drive mad. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Need to make sure my understanding of newsyslog is correct for a daemon I'm writing
Hi everybody, I'm working on the finishing touches to a server program I've just written and one of the things it needs to log information to a log file. I'm going to log to /var/log/file.log and to manage the growth I'm going to add this log file to the newsyslog.conf file. However, I'd like to make sure that the code I'm writing will work with how newsyslog is going to work. Basically, I'm installing a signal handler for SIGHUP to do the following: reset the put pointer to the beginning of the file; flush any data that may be in the buffer; close the file; reopen file; Does this sound correct? I'm going on the assumption (and this is what I want to have clarified) that newsyslog, when it finds that file x meets the rotate criteria, follows these steps: 1) copy file x contents to x.0 2) truncate file x to zero bytes 3) send SIGHUP to process id Is this how newsyslog would truncate the file? Am I missing something? Should my signal handler function look differently? Thanks for any help, Andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Newsyslog problem using Apache 2.2.x
At 8:22 AM +0200 5/29/06, Pelle Andersson wrote: A number of days ago I sucessfully upgraded Apache from 2.0.x series to 2.2.x series. Everything worked perfekt except newsyslog. I'm using the following in newsyslog.conf (worked perfect in Apache 2.0.x): /var/log/apache/*.log root:wheel 640 7 * $D05 GZB /var/run/httpd.pid 30 The error that returns is this: "newsyslog: log /var/log/apache/httpd-error.log.0 not compressed because daemon(s) not notified" "newsyslog: can't notify daemon, pid 30076: No such process" Your entry in newsyslog.conf tells newsyslog that it should look at the file /var/run/httpd.pid to find the active apache process. Newsyslog read that file when it needed to rotate the log files, and it found the number "30076" in that file. However, there was no process 30076 running at that time. Therefore, newsyslog has to assume that whatever process *is* writing to that file has not been notified that the file has changed. So it will not compress the httpd-error.log.0 file. So, you need to find out where the new version of apache is storing the active process-id (pid) for itself. -- Garance Alistair Drosehn= [EMAIL PROTECTED] Senior Systems Programmer or [EMAIL PROTECTED] Rensselaer Polytechnic Instituteor [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Newsyslog problem using Apache 2.2.x
Hi List! Doesn't know if this is a FreeBSD error or a Apache error. Im using FreeBSD 4.10 PatchLevel #23. For a number of days ago i was sucessfully upgrading Apache from 2.0.x series to 2.2.x series. Everything worked perfekt except newsyslog. Im using the following in newsyslog.conf (worked perfect in Apache 2.0.x): /var/log/apache/*.log root:wheel 640 7 * $D05 GZB /var/run/httpd.pid 30 The error that returns is this: "newsyslog: log /var/log/apache/httpd-error.log.0 not compressed because daemon(s) not notified" "newsyslog: can't notify daemon, pid 30076: No such process" I also have some problem with SSL - but I don't know if these problems are related. I was using "passphrase exec:/dir/dir/..." - stoped working. Needed to change to "passphrase builtin" to get it work. Just a parenthesis of the above problem. BR, TIA - Pelle -- I am using the free version of SPAMfighter for private users. It has removed 17 spam emails to date. Paying users do not have this message in their emails. Get the free SPAMfighter here: http://www.spamfighter.com/len ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog: nonexistent time for 'at' value
In the last episode (Mar 29), Rob W. said: > newsyslog: nonexistent time for 'at' value: > /var/log/ipfw/ipfw.log 600 10*$W0D2 Z > > I keep getting this message emailed to me. I don't have any entries > in crontab or syslog. Anybody know what this is and how do I get rid > of it? You sure you don't have a line like this in /etc/crontab? 0 * * * * rootnewsyslog It looks like newsyslog is having problems parsing that $W0D2 value, but it works okay for me. Possibly the timezone you are in has a DST switch that skips directly from 1:59 to 3:00 next Sunday, which means there is no 2:00, which is why newsyslog is complaining. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog: nonexistent time for 'at' value
Scratch that, I found it out. It's in /etc/newsyslog.conf. I had an entry located in there. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
newsyslog: nonexistent time for 'at' value
newsyslog: nonexistent time for 'at' value: /var/log/ipfw/ipfw.log 600 10*$W0D2 Z I keep getting this message emailed to me. I don't have any entries in crontab or syslog. Anybody know what this is and how do I get rid of it? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: about newsyslog
Please don't top-post. "Yavuz" <[EMAIL PROTECTED]> writes: > Hello again > I have already read that man pages about newsyslog > it only shows daily,weekly,yearly etc. but I couldn't find to change every > hour in everyday or to change every 3 hours in a day. > help please... In "man newsyslog.conf" there is a description "when" field. If you put a "1" in that field, the log will be rotated every hour. If you put a "3" in there, every three hours. If you want it at particular times, there are more complicated syntaxes for that field to do all kinds of fancier versions. > > - Original Message - > From: "Giorgos Keramidas" <[EMAIL PROTECTED]> > To: "Yavuz" <[EMAIL PROTECTED]> > Cc: > Sent: Tuesday, September 13, 2005 6:17 PM > Subject: Re: about newsyslog > > > > On 2005-09-13 18:09, Yavuz <[EMAIL PROTECTED]> wrote: > > > Hello > > > > > > I use FreeBSD5.3 > > > > > > I want to change maillog file more frequent. > > > As you know the file named maillog file changes once in a day. > > > There is a file named newsyslog.conf in /etc > > > How can I do change file named maillog everyhour with > /etc/newsyslog.conf ? > > > > By setting up the relevant line in your ``/etc/newsyslog.conf'' file: > > > > The format of this file is described in the manpage: > > > > % man newsyslog.conf > > > > If you do read the manpage and you still have questions, then it's > > either a bug of the manpage or something we can clarify on the list, > > so don't hesitate to ask again :-) > > > > > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: about newsyslog
Hello again I have already read that man pages about newsyslog it only shows daily,weekly,yearly etc. but I couldn't find to change every hour in everyday or to change every 3 hours in a day. help please... - Original Message - From: "Giorgos Keramidas" <[EMAIL PROTECTED]> To: "Yavuz" <[EMAIL PROTECTED]> Cc: Sent: Tuesday, September 13, 2005 6:17 PM Subject: Re: about newsyslog > On 2005-09-13 18:09, Yavuz <[EMAIL PROTECTED]> wrote: > > Hello > > > > I use FreeBSD5.3 > > > > I want to change maillog file more frequent. > > As you know the file named maillog file changes once in a day. > > There is a file named newsyslog.conf in /etc > > How can I do change file named maillog everyhour with /etc/newsyslog.conf ? > > By setting up the relevant line in your ``/etc/newsyslog.conf'' file: > > The format of this file is described in the manpage: > > % man newsyslog.conf > > If you do read the manpage and you still have questions, then it's > either a bug of the manpage or something we can clarify on the list, > so don't hesitate to ask again :-) > > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: about newsyslog
On 2005-09-13 18:09, Yavuz <[EMAIL PROTECTED]> wrote: > Hello > > I use FreeBSD5.3 > > I want to change maillog file more frequent. > As you know the file named maillog file changes once in a day. > There is a file named newsyslog.conf in /etc > How can I do change file named maillog everyhour with /etc/newsyslog.conf ? By setting up the relevant line in your ``/etc/newsyslog.conf'' file: The format of this file is described in the manpage: % man newsyslog.conf If you do read the manpage and you still have questions, then it's either a bug of the manpage or something we can clarify on the list, so don't hesitate to ask again :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
about newsyslog
Hello I use FreeBSD5.3 I want to change maillog file more frequent. As you know the file named maillog file changes once in a day. There is a file named newsyslog.conf in /etc How can I do change file named maillog everyhour with /etc/newsyslog.conf ? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog
On Thu, Mar 17, 2005 at 07:09:06PM +0200, Chris Knipe wrote: > Can anyone perhaps just give me a sample for 'when' in newsyslog.conf to > get rotation to rotate at 00:00 on the 1st of the month? > > I tried '@$M18D0' to no evail... > > -- > Chris. From the syslog manpage: $M1D0 rotate at the first day of every month at midnight (i.e., the start of the day; same as @01T00) Have you already tried this? Nathan pgpFaT5MesEmc.pgp Description: PGP signature
Re: newsyslog
In the last episode (Mar 17), Chris Knipe said: > Can anyone perhaps just give me a sample for 'when' in newsyslog.conf to > get rotation to rotate at 00:00 on the 1st of the month? > > I tried '@$M18D0' to no evail... If you drop the @, that would rotate on the 18th day of every month. Try (from the manpage): $M1D0 rotate at the first day of every month at midnight (i.e., the start of the day; same as @01T00) -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
newsyslog
Can anyone perhaps just give me a sample for 'when' in newsyslog.conf to get rotation to rotate at 00:00 on the 1st of the month? I tried '@$M18D0' to no evail... -- Chris. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog & syslogd on 5.1 release
On Tue, Jan 04, 2005 at 10:52:59PM +0200, Petre Bandac wrote: > where from is newsyslog being called to rotate the logs ? (from what I > read in the manpages, its only task is to rotate the logs); I can't > find it in /etc/periodic > > thanks, > > petre It's a system cron job. Check /etc/crontab. Nathan pgpFHV2i7mZfz.pgp Description: PGP signature
newsyslog & syslogd on 5.1 release
where from is newsyslog being called to rotate the logs ? (from what I read in the manpages, its only task is to rotate the logs); I can't find it in /etc/periodic thanks, petre -- Login: petreName: Petre Bandac Directory: /home/petre Shell: /usr/local/bin/zsh On since Mon Jan 3 10:10 (EET) on ttyv0, idle 6:43 (messages off) Last login Mon Jan 3 21:43 (EET) on ttyp7 from lubyanka.kgb.ro New mail received Mon May 24 19:09 2004 (EEST) Unread since Tue Feb 17 12:31 2004 (EET) No Plan. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog
At 10:07 AM -0500 12/11/04, munn wrote: I have two FreeBSD machines running 4.10-RELEASE-p5. On machine A newsyslog rolls over the log files perfectly, on Machine B I get the message: /var/log/auth.log.0: No such file or directory The newsyslog.conf entries are : MACHINE A: /var/log/auth.log600 7 100 * Z MACHINE B: /var/log/auth.log600 7 100 $W6D0 Z An ls of the /var/log directory yields ls -ltr auth* -rw--- 1 root wheel 97872 Dec 11 00:00 auth.log.1 -rw--- 1 root wheel 95 Dec 11 00:00 auth.log.0.gz -rw--- 1 root wheel176 Dec 11 09:42 auth.log I have looked relevant permissions and files sizes on both machines and they are identical. Can anyone suggest what the problem is? Is the time entry the issue ... I just copied it from another entry in the newsyslog.conf file. I doubt the time-entry would be the issue. That will only effect *when* a file gets rotated. It should have no effect on what should be done once it is decided to rotate the file. You might try running 'newsyslog -nvv', and see if that shows a difference between the two machines. Is that 'ls' command from the machine which works, or the one which does not work? Either way, it doesn't seem quite right. You should either see 'auth.log.0.gz' and 'auth.log.1.gz', or you should see 'auth.log.0' and 'auth.log.1'. The program is complaining that it can not find 'auth.log.0', and sure enough there is no 'auth.log.0'. You might want to try 'gunzip /var/log/auth.log.0.gz', and then run newsyslog and see if it works any better. -- Garance Alistair Drosehn= [EMAIL PROTECTED] Senior Systems Programmer or [EMAIL PROTECTED] Rensselaer Polytechnic Instituteor [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
newsyslog
I have two FreeBSD machines running 4.10-RELEASE-p5. On machine A newsyslog rolls over the log files perfectly, on Machine B I get the message /var/log/auth.log.0: No such file or directory The newsyslog.conf entries are : MACHINE A : /var/log/auth.log 600 7 100 * Z MACHINE B: /var/log/auth.log 600 7 100 $W6D0 Z An ls of the /var/log directory yields ls -ltr auth* -rw--- 1 root wheel 97872 Dec 11 00:00 auth.log.1 -rw--- 1 root wheel 95 Dec 11 00:00 auth.log.0.gz -rw--- 1 root wheel176 Dec 11 09:42 auth.log I have looked relevant permissions and files sizes on both machines and they are identical. Can anyone suggest what the problem is? Is the time entry the issue ... I just copied it from another entry in the newsyslog.conf file. With thanks ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog and chrooted bind on 5.3
On Sat, 20 Nov 2004, Ruben de Groot wrote: On Sat, Nov 20, 2004 at 07:45:56AM +0100, Kees Plonsz typed: Vince Hoffman wrote: Hi all, since i updated my server to 5.3 and went with the default option of chrooting bind, anytime named recives a HUP signal it dies. Is this expected ? its a bit of a bugger as i will have to use cron and a short shell script instead of an entry in newsyslog.conf. You can let bind log through the syslog facility. I think that's even the default. That way there's no need to "HUP" named. Thanks for the reply, I'll go back to letting syslog do its job i guess ;) I only had it logging to files to try and separate some statistics at one point. Vince Vince There was a discussion about that a few hours ago. Use "/etc/rc.d/named restart" instead. That won't work with newsyslog. newsyslog needs a pidfile to send a HUP to the logging proces after the logs are rotated. Ruben ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog and chrooted bind on 5.3
On Sat, Nov 20, 2004 at 07:45:56AM +0100, Kees Plonsz typed: > Vince Hoffman wrote: > > > Hi all, > > since i updated my server to 5.3 and went with the default option > > of chrooting bind, anytime named recives a HUP signal it dies. Is this > > expected ? its a bit of a bugger as i will have to use cron and a short > > shell script instead of an entry in newsyslog.conf. You can let bind log through the syslog facility. I think that's even the default. That way there's no need to "HUP" named. > > Vince > > There was a discussion about that a few hours ago. > Use "/etc/rc.d/named restart" instead. That won't work with newsyslog. newsyslog needs a pidfile to send a HUP to the logging proces after the logs are rotated. Ruben ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog and chrooted bind on 5.3
Vince Hoffman wrote: > Hi all, > since i updated my server to 5.3 and went with the default option > of chrooting bind, anytime named recives a HUP signal it dies. Is this > expected ? its a bit of a bugger as i will have to use cron and a short > shell script instead of an entry in newsyslog.conf. > > Vince There was a discussion about that a few hours ago. Use "/etc/rc.d/named restart" instead. I wonder if you get an error about "named/pid" from that script if you restart named. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
newsyslog and chrooted bind on 5.3
Hi all, since i updated my server to 5.3 and went with the default option of chrooting bind, anytime named recives a HUP signal it dies. Is this expected ? its a bit of a bugger as i will have to use cron and a short shell script instead of an entry in newsyslog.conf. Vince ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Problems with newsyslog
On Fri, Sep 10, 2004 at 02:35:11PM +0100, [EMAIL PROTECTED] wrote: > I have just acquired a new virtual server and have set up newsyslog.conf > to mirror that on my old virtual server. On my old server the logs are > rotated and compressed without any problems. The old server runs > FreeBSD 4.9. > > The new server runs FreeBSD 4.10, and I'm getting the following errors > reported by Cron > --- > newsyslog: can't notify daemon, pid 84000: Operation not permitted > newsyslog: log /var/log/maillog.0 not compressed because daemon(s) not > notified > newsyslog: can't notify daemon, pid 43506: Operation not permitted > newsyslog: log /var/log/ssl_engine_log.0 not compressed because > daemon(s) not notified > ... > -- > > pid 84000 refers to /usr/sbin/syslogd -s > pid 43506 refers to /usr/local/sbin/httpd -DSSL > > I cannot see any difference in way I have setup newsyslog and am at a > loss to know how to proceed. > > Any help would be greatly appreciated. Usually this error message means that the daemon in question has died or in some way been restarted so that the PID number that newsyslog reads out of one of the files under /var/run has become bogus (in this case. /var/run/sendmail.pid or /var/run/httpd.pid). However, if sendmail or apache httpd are running, and you haven't specifically configured them not to, then they will write their PIDs into those files. The other possibility is that you are trying to run newsyslog using a non-root UID, which means it will not be permitted to send signals to arbitrary processes, or that the newsyslog process does not have sufficient privileges to read those PID files. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpeOmbYbZHG4.pgp Description: PGP signature
Problems with newsyslog
I have just acquired a new virtual server and have set up newsyslog.conf to mirror that on my old virtual server. On my old server the logs are rotated and compressed without any problems. The old server runs FreeBSD 4.9. The new server runs FreeBSD 4.10, and I'm getting the following errors reported by Cron --- newsyslog: can't notify daemon, pid 84000: Operation not permitted newsyslog: log /var/log/maillog.0 not compressed because daemon(s) not notified newsyslog: can't notify daemon, pid 43506: Operation not permitted newsyslog: log /var/log/ssl_engine_log.0 not compressed because daemon(s) not notified ... -- pid 84000 refers to /usr/sbin/syslogd -s pid 43506 refers to /usr/local/sbin/httpd -DSSL I cannot see any difference in way I have setup newsyslog and am at a loss to know how to proceed. Any help would be greatly appreciated. TIA Graeme ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog bizarreness
Daren wrote: Hi, I recently removed a couple of lines from newsyslog.conf, and now every hour I'm getting an email from cron telling me that newsyslog complained about the lines which are now deleted! There is definately only one config file, and if I run newsyslog from command line, it exits without a problem and running it in verbose, it doesn't see the two lines. Is there something about the cronned newsyslog that's different? Oddly, the actual error is a mis-interpretation to do with the size field (it is reading the time/date field). Any ideas on this? Ok, sorry, forget that. One very stupid oversight on my behalf! Sorted now. Cheers Daren ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
newsyslog bizarreness
Hi, I recently removed a couple of lines from newsyslog.conf, and now every hour I'm getting an email from cron telling me that newsyslog complained about the lines which are now deleted! There is definately only one config file, and if I run newsyslog from command line, it exits without a problem and running it in verbose, it doesn't see the two lines. Is there something about the cronned newsyslog that's different? Oddly, the actual error is a mis-interpretation to do with the size field (it is reading the time/date field). Any ideas on this? Thanks Daren ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: newsyslog and apache
On Mon, 22 Mar 2004 21:37:47 -0500, Garance A Drosihn wrote > At 5:19 PM -0800 3/22/04, Noah wrote: > > > >I ask that you please be specific as to what you think is wrong > >with my newsyslog.conf file because I cant seem to figure out > >what you are talking about here? Looks like my newsyslog.conf > >file matches the recommended config: > > Hi. > > I do not run apache at all, but I am the guy who has done the > most-recent work on the newsyslog command. > > If I were to guess, I think your problem might be that you end > up sending multiple USR1 signals to apache. I haven't looked > at the code recently, but I think the freebsd newsyslog still > does not optimize the number of signal's that it sends to a > single process. > > What I would suggest you try is some kind of staggered setup. > (it's an easy thing to try...). Something like: > > .../www.domain1.com/access_log 640 30 * @T00 ZN > .../www.domain1.com/error_log 640 30 * @T00 Z > /var/run/httpd.pid 30 .../www.domain2.org/access_log 640 30 * > @T02 ZN .../www.domain2.org/error_log 640 30 * @T02 Z > /var/run/httpd.pid 30 .../www.domain3.com/access_log 640 30 * > @T04 ZN .../www.domain3.com/error_log 640 30 * @T04 Z > /var/run/httpd.pid 30 > okay I have done this but I am about 12 levels in and getting the following response from newsyslog --- snip --- # newsyslog newsyslog: malformed 'at' value: /usr/local/www/logs/www.domain12.com/access_log 644 30* @T24 ZN --- snip --- do you have any clue why this is happening? cheers, Noah > (the ...'s are just an attempt to avoid line-wrapping in this > message. you still want the full pathname in the control file) > > The idea is to rotate the log-and-error files for any one domain > at the same time, and only specify the pid once for that group. > And then wait two minutes between the files for each domain name. > > See if that helps you at all. > > -- > Garance Alistair Drosehn= [EMAIL PROTECTED] > Senior Systems Programmer or [EMAIL PROTECTED] > Rensselaer Polytechnic Instituteor [EMAIL PROTECTED] > ___ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: issue newsyslog cmd from perl scrip
On Wed, 12 May 2004, JJB wrote: [ ...snip...]> > # issue command and capture verbose o/p to $line > newsyslog "-v $logfile" > $line; # this statement gets error [...snip...] It would be helpful to see exactly what the error is, but I would guess it's that 'newsyslog' is not a perl function. To run another executable from within a perl script, you need to do something like: system("newsyslog \"-v $logfile\" > $line"); there are, of course, other ways to do it as well. -- David Fleck [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
issue newsyslog cmd from perl scrip
I run 2 abuse IP perl script that I got from dshield.com that read my ipfilter log and create an email containing list of abusive source ip address. Them last week I got hit by an Dos attack that filled up my ipfilter logs. The logs were rotated by newsyslog past the 3 deep specified in the newsyslog.conf file. The Dos attack did not hurt me, but I lost many of the logs without running my abuse scripts against them. I need some way to automatically run my abuse scripts when ever just the ipfilter log gets rotated. Cron runs the newsyslog command at the top of the hour. I will just add this wrapper script to cron to run every 15 min. Reading man newsyslog says I can create an wrapper script to issue the newsyslog command using the -v flag for verbose to generate an o/p message and by adding the path and name of the log I want to rotate to the end of the command. Testing newsyslog -v /var/log/test will give an text message which I can parse on and build logic around. Did some cut and pasting from some scripts I had to create the following script logic. I do not have any examples of perl scrip executing another perl script or Freebsd command to copy from. I can not get the perl syntax correct to call the newsyslog command, or my perl scripts I want to run if the log was rotated. Can someone please help me with this perl scrip? #!/usr/bin/perl use Getopt::Std; getopts("v:s:"); $verbose=$opt_v; # the verbose script option is used to create #an ready trace of the logic flow. # Path and file name of ipfilter log file $logfile="/var/log/test"; $rotatedlogfile="/var/log/test.0"; debug("exec newsyslog cmd\n"); # the o/p of newsyslog verbose looks like this #/var/log/test <10>: size (Kb): 76 [10] --> trimming log #/var/log/test <10>: size (Kb): 76 [100] --> skipping # issue command and capture verbose o/p to $line newsyslog "-v $logfile" > $line; # this statement gets error debug("op from newsyslog cmd = $line\n"); # parse line to extract relevant field @f=split(/\s+/,$line); $rotated=$f[8]; debug("rotated = $rotated\n"); if ($rotated eq "skipping"); { debug("log not rotated\n"); } else; { debug("log rotated\n"); # run custom scripts, this is probably wrong also abuse_dshield.pl -l /var/log/test.0; abuse_adelphia.pl -l /var/log/test.0; cat /var/log/test.0 >> /usr/log/test.all; rm /var/log/test.0; } exit sub debug { if ($verbose==1) { print(STDERR @_); } } ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog command in an script
On Tue, May 11, 2004 at 11:04:21PM -0400, JJB wrote: > In an csh script I want to issue newsyslog /var/log/security. I need > feedback from the newsyslog command in the form of an script > testable return code / exit code so I can determine if the specified > log met the rotate trigger for that file as defined in the > newsyslog.conf file and the file was rotated or not. I have tested > and know that newsyslog /var/log/security does check the > newsyslog.config for an entry of /var/log/security and checks the > size/time/date trigger to determine if file needs rotating. Is there any particular reason you've decided to write your script in *csh*? That is, I'm afraid, in very poor taste. For a full exposition of csh programming is considered harmful, see: http://www.faqs.org/faqs/unix-faq/shell/csh-whynot/ Keep csh(1) for what it does best -- being an interactive shell -- and do all your shell programming using Bourne shell. This may seem like arbitrary and irrelevant advice right now, but trust me: keep programming in csh and you're going to regret it. Maybe not today, maybe not tomorrow, but some and for the rest fo your life. > So my question boils down to does the newsyslog command issue an > return code I can check in an script to see if the log was rotated > or not? If so what would the csh script command look like to perform > the test? Now, your question: unfortunately newsyslog(1) does not indicate any sort of success or failure via it's return code. Infact, unless you give it a nonsensical command line triggering the usage() message, it will always return a successful status. Your next alternative is to test and see if the logfile is large enough to trigger newsyslog. In order to get the size of the file in bytes use: filesize=`stat -f %z filename` Then to test that the filesize is greater than 100k (which is the typical size used to trigger logfile rotation in newsyslog.conf): if $(( $filesize > 100 * 1024 )) ; then # Stuff to do if the file is bigger ... fi Alternative approaches would be to look at the modification times on the *rotated* log files -- obviously the modification time on an active log file is constantly changing. Again the stat(1) command can get you that information: stat -f %m filename which gets you the time expressed as the number of seconds since the epoch (00:00h, 1st January 1970 UTC). Hint: to get the current time+date in the same format use: date +%s Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: Force newsyslog to rotate from custon script
please. top-post, Don't > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of Lowell Gilbert > Sent: Wednesday, May 12, 2004 8:54 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] ORG > Subject: Re: Force newsyslog to rotate from custon script > > "JJB" <[EMAIL PROTECTED]> writes: > > > Problem description: My ipfilter log is rotated using > > newsyslog.conf. The file is rotated on file size option. I have > > custom script that reads the log and builds email containing list > of > > abusive source IP address. This custom script is included in the > > daily management report process. Problem is that on days that > there > > is a lot of blocked traffic the log may rotate multiple times and > my > > daily management report script only runs against the current > active > > log. > > > > Is their some way to keep the log defined in newsyslog.conf > without > > any rotate option and add something to my custom script to tell > > newsyslog to rotate the log after the script has processed the > > current active log file? > > I would recommend a slightly different approach. Either of a couple > of different approaches, in fact... > > One way to do this would be to use a separate config file for > newsyslog(8) rather than /etc/newsyslog.conf. Then you run > newsyslog > and use the -f option to have it use your special-purpose > configuration just for rotating this ipfilter log. > > The other way would be to do the rotation directly, in your script > which processes the file. It should only take three or four > commands > in the script. That would let you more or less eliminate any race > conditions that might leave data out of your logs. > > ___ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > "JJB" <[EMAIL PROTECTED]> writes: > Thanks for your reply > > Both of your suggestions are good but have the same problem. > > When the newsyslog command is run the rotate space trigger in > newsyslog.conf may or may not be met. If your script does the rotation itself, it will know whether and when the rotation occurred. > I need an return code or exit code from the newsyslog command to > check to tell if trigger was met and log really rotated. > Does newsyslog issue such codes and how would I code an csh script > to check for it? That's not available; newsyslog is intended for handling multiple files, which would make such an exit code indeterminate. You could get fairly close by running newsyslog in verbose mode and parsing out the result. > Trying to for see an DOS attack targeted at consuming all the log > disk space in /var If you just put /var/log on its own filesystem, such an attack wouldn't hurt you much even if it managed to fill up the filesystem. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Force newsyslog to rotate from custon script
Thanks for your reply Both of your suggestions are good but have the same problem. When the newsyslog command is run the rotate space trigger in newsyslog.conf may or may not be met. I need an return code or exit code from the newsyslog command to check to tell if trigger was met and log really rotated. Does newsyslog issue such codes and how would I code an csh script to check for it? Trying to for see an DOS attack targeted at consuming all the log disk space in /var -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lowell Gilbert Sent: Wednesday, May 12, 2004 8:54 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] ORG Subject: Re: Force newsyslog to rotate from custon script "JJB" <[EMAIL PROTECTED]> writes: > Problem description: My ipfilter log is rotated using > newsyslog.conf. The file is rotated on file size option. I have > custom script that reads the log and builds email containing list of > abusive source IP address. This custom script is included in the > daily management report process. Problem is that on days that there > is a lot of blocked traffic the log may rotate multiple times and my > daily management report script only runs against the current active > log. > > Is their some way to keep the log defined in newsyslog.conf without > any rotate option and add something to my custom script to tell > newsyslog to rotate the log after the script has processed the > current active log file? I would recommend a slightly different approach. Either of a couple of different approaches, in fact... One way to do this would be to use a separate config file for newsyslog(8) rather than /etc/newsyslog.conf. Then you run newsyslog and use the -f option to have it use your special-purpose configuration just for rotating this ipfilter log. The other way would be to do the rotation directly, in your script which processes the file. It should only take three or four commands in the script. That would let you more or less eliminate any race conditions that might leave data out of your logs. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Force newsyslog to rotate from custon script
"JJB" <[EMAIL PROTECTED]> writes: > Problem description: My ipfilter log is rotated using > newsyslog.conf. The file is rotated on file size option. I have > custom script that reads the log and builds email containing list of > abusive source IP address. This custom script is included in the > daily management report process. Problem is that on days that there > is a lot of blocked traffic the log may rotate multiple times and my > daily management report script only runs against the current active > log. > > Is their some way to keep the log defined in newsyslog.conf without > any rotate option and add something to my custom script to tell > newsyslog to rotate the log after the script has processed the > current active log file? I would recommend a slightly different approach. Either of a couple of different approaches, in fact... One way to do this would be to use a separate config file for newsyslog(8) rather than /etc/newsyslog.conf. Then you run newsyslog and use the -f option to have it use your special-purpose configuration just for rotating this ipfilter log. The other way would be to do the rotation directly, in your script which processes the file. It should only take three or four commands in the script. That would let you more or less eliminate any race conditions that might leave data out of your logs. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
newsyslog command in an script
In an csh script I want to issue newsyslog /var/log/security. I need feedback from the newsyslog command in the form of an script testable return code / exit code so I can determine if the specified log met the rotate trigger for that file as defined in the newsyslog.conf file and the file was rotated or not. I have tested and know that newsyslog /var/log/security does check the newsyslog.config for an entry of /var/log/security and checks the size/time/date trigger to determine if file needs rotating. So my question boils down to does the newsyslog command issue an return code I can check in an script to see if the log was rotated or not? If so what would the csh script command look like to perform the test? Thanks Joe ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Force newsyslog to rotate from custon script
Problem description: My ipfilter log is rotated using newsyslog.conf. The file is rotated on file size option. I have custom script that reads the log and builds email containing list of abusive source IP address. This custom script is included in the daily management report process. Problem is that on days that there is a lot of blocked traffic the log may rotate multiple times and my daily management report script only runs against the current active log. Is their some way to keep the log defined in newsyslog.conf without any rotate option and add something to my custom script to tell newsyslog to rotate the log after the script has processed the current active log file? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog and apache
In the immortal words of "Noah" <[EMAIL PROTECTED]>... > Okay this looks like a viable option. can rotatelogs also age out and > delete log files that are older than 30 days? And does it compress > the log files as well? No, but it isn't hard to come up with a script to proces the logs in any way you see fit. Regardless of what you choose to do to the logs, you don't have to restart apache, which I thought was the main object of your question. The main advantage to doing it this way is that the logs will be pretty much rotated simultaneously by apache, so a couple of minutes after it's scheduled, you can run a script to compress, analyse, delete or whatever the rotated logfile. Cheers Tim -- Tim Aslat <[EMAIL PROTECTED]> Spyderweb Consulting http://www.spyderweb.com.au P: +61 8 82243020M: +61 0401088479 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog and apache
On Fri, 23 Apr 2004 12:36:02 +0930, Tim Aslat wrote > In the immortal words of "Noah" <[EMAIL PROTECTED]>... > > this advice does not give me many warm fuzzies - the website appears > > to be down. any other util recommendations that rotate hundreds of > > apache logs files really well. newsyslog is not meeting our > > requirements at the moment. > > Have you tried using the internal rotation code in apache? > > this excerpt from "man rotatelogs" should provide more information >rotatelogs is a simple program for use in conjunction with > Apache's piped logfile feature which can be used like this: > > TransferLog "| rotatelogs /path/to/logs/access_log 86400" > Okay this looks like a viable option. can rotatelogs also age out and delete log files that are older than 30 days? And does it compress the log files as well? - Noah >This creates the files /path/to/logs/access_log. where > is the system time at which the log nominally starts > (this time will always be a multiple of the rotation time, so > you can synchronize cron scripts with it). At the end of > each rotation time (here after 24 hours) a new log is started. > > Logging is internal to apache, and doesn't require apache to be > restarted. > > Hope this helps > > Cheers > > Tim > > -- > Tim Aslat <[EMAIL PROTECTED]> > Spyderweb Consulting > http://www.spyderweb.com.au > P: +61 8 82243020M: +61 0401088479 > ___ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog and apache
In the immortal words of "Noah" <[EMAIL PROTECTED]>... > this advice does not give me many warm fuzzies - the website appears > to be down. any other util recommendations that rotate hundreds of > apache logs files really well. newsyslog is not meeting our > requirements at the moment. Have you tried using the internal rotation code in apache? this excerpt from "man rotatelogs" should provide more information rotatelogs is a simple program for use in conjunction with Apache's piped logfile feature which can be used like this: TransferLog "| rotatelogs /path/to/logs/access_log 86400" This creates the files /path/to/logs/access_log. where is the system time at which the log nominally starts (this time will always be a multiple of the rotation time, so you can synchronize cron scripts with it). At the end of each rotation time (here after 24 hours) a new log is started. Logging is internal to apache, and doesn't require apache to be restarted. Hope this helps Cheers Tim -- Tim Aslat <[EMAIL PROTECTED]> Spyderweb Consulting http://www.spyderweb.com.au P: +61 8 82243020M: +61 0401088479 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog and apache
On Thu, 22 Apr 2004 18:53:49 -0800, Noah wrote > On Mon, 22 Mar 2004 11:54:21 +, Jez Hancock wrote > > On Mon, Mar 22, 2004 at 03:06:22AM -0800, Noah wrote: > > > apache complains of being out of memory during a graceful restart when > > > newsyslog is sending a series of SIGUSR1 signal to it. Any clues on this? > > > > This looks familiar from the apache-httpd-users list :P > > > > I'm not sure about your specific problem, but have you considered using > > cronolog instead of depending on newsyslog to rotate your logs daily? > > > > In the ports: > > > > /usr/ports/sysutils/cronolog > > > > On the web: > > > > http://cronlog.org/ > okay it was a mistype http://www.cronolog.org works fine - Noah > Hi there, > > this advice does not give me many warm fuzzies - the website appears > to be down. any other util recommendations that rotate hundreds of > apache logs files really well. newsyslog is not meeting our > requirements at the moment. > > - Noah > > > > > -- > > Jez Hancock > > - System Administrator / PHP Developer > > > > http://munk.nu/ > > http://jez.hancock-family.com/ - Another FreeBSD Diary > > http://ipfwstats.sf.net/- ipfw peruser traffic logging > > ___ > > [EMAIL PROTECTED] mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > > ___ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: newsyslog and apache
On Mon, 22 Mar 2004 11:54:21 +, Jez Hancock wrote > On Mon, Mar 22, 2004 at 03:06:22AM -0800, Noah wrote: > > apache complains of being out of memory during a graceful restart when > > newsyslog is sending a series of SIGUSR1 signal to it. Any clues on this? > > This looks familiar from the apache-httpd-users list :P > > I'm not sure about your specific problem, but have you considered using > cronolog instead of depending on newsyslog to rotate your logs daily? > > In the ports: > > /usr/ports/sysutils/cronolog > > On the web: > > http://cronlog.org/ Hi there, this advice does not give me many warm fuzzies - the website appears to be down. any other util recommendations that rotate hundreds of apache logs files really well. newsyslog is not meeting our requirements at the moment. - Noah > > -- > Jez Hancock > - System Administrator / PHP Developer > > http://munk.nu/ > http://jez.hancock-family.com/ - Another FreeBSD Diary > http://ipfwstats.sf.net/- ipfw peruser traffic logging > ___ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"