Fixing Log Rotation Problems
Since installing cpanel on some of our server, we noticed the logs in /usr/local/apache/logs/* growing out of control without ever being rotated. In /etc/logrotate.d the script called "httpd" is the reason why. Its totally wrong. Its looking for files located in /var/log/httpd/ and that is not where my log files are located. In fact, we dont even have files in this directory. Its completely empty.
the whole thing should be changed to:
/usr/local/apache/logs/*log {
missingok
notifempty
sharedscripts
postrotate
/bin/kill -HUP `cat /usr/local/apache/logs/httpd.pid 2>/dev/null` 2> /dev/null || true
endscript
}
In addition, you may want to add the follow logs to the list above
and any other files you find that needs to be rotated in this directory.
ssl_engine_log
suexec_log
You could leave out agent_log and referer_log since i dont see those as even existing in my /logs/* directory but if you have them add them.
UDDATE: 08-23-03 - Thanks dkair!!!!
httpd.pid is not located in /var/run/. On my server its located in /usr/local/apache/logs. Also in "apache" change the following line;
/bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
to
/bin/kill -HUP `cat /usr/local/apache/logs/httpd.pid 2>/dev/null` 2> /dev/null || true
End Change
Editing logrotate.conf
In /etc/logrotate.conf where is the reference to lastlog? The default apache log includes a rotatation of lastlog but i didnt find an entry in my logrotate.conf.
My /var/log/lastlog was around 19megs so add the following to logrotate.conf so the added entry looks like this.
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 2
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
# system-specific logs may be also be configured here.
/var/log/maillog* {
weekly
rotate 1
}
/usr/local/cpanel/logs/access_log {
weekly
rotate 1
}
/usr/local/cpanel/logs/stats_log {
weekly
rotate 1
}
SSL logs:
If your running ssl on your server you will find some huge log files in /var/log if you have never rotated them. Ours was hitting 51megs. Your SSL log files will match the name of your hostname or the name of your certificate or both depending on how many SSL certs you have running. You could also add those above.
Also, do you really need to keep 4 sets of rotated logs? I rarely refer back that far unless i have some problem and i need to go back to view the logs but usually going back 1 or 2 weeks of rotated logs is sufficient. I have changed my number of backup logs in logrotate.conf to 2. Old rotated logs even going back 4 weeks could take up huge amounts of disk space if there was alot of activity. Consider compressing the rotated logs. Simply uncomment #compress which will compress your old rorated logs.
Now whats happening to xferlog? It was being rotated at one stage but no longer. The last time it was rotated was back in Nov 22 of 2002 on my box. Since then the file has grown to 25megs and not rotated. So was it lost somewhere in all the cpanel updates? One will never know since i cannot find any reference anywhere to it being rotated. If this is also the case on your box do this. If anyone knows where its being rotated let me know because i cannot find it
cd /etc/logrotate.d
is there proftpd in that directory?
FIX;
in the logrotate directory create proftpd
pico or vi proftpd
add;
/var/log/xferlog {
postrotate
/bin/kill -HUP `cat /var/proftpd.pid 2> /dev/null` 2> /dev/null || true
endscript
missingok
}
End Change
Save it.
Thanks to Aussie for his contribution.