Menu
Last week I found a problem on my server, because the disk usage was 100%, and I found out apache had created a huge error.log file of 60GB. I changed then the LogLevel to emerg, but after one week, it is again 1.3GB which is definitely too much.
Moreover, I have an access.log of 6MB and an other_vhosts_access.log of 167MB. So I found out that the problem could be logrotate not working. Actually the gzipped files of the logs have a very old date (23rd February).
So I tried first to change the configuration of the logrotate file for apache2, adding a max size for the file, looking now like this:
/var/log/apache2/*.log {
weekly
size 500M
missingok
rotate 20
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
if /etc/init.d/apache2 status > /dev/null ; then \
/etc/init.d/apache2 reload > /dev/null; \
fi;
endscript
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi; \
endscript
}
After this I tried manually to force logrotate to run a specific configuration for apache with
logrotate -f /etc/logrotate.d/apache2
and I got this error:
error: skipping "/var/log/apache2/access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/apache2/error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/apache2/other_vhosts_access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
The strange thing is that in some way it run the rotation, creating an empty error.log file, but with different permissions from the old one, and not compressing the existing error.log.
Looking at apache log directory, it looks now like this:
-rwxrwxrwx 1 root adm 6.3M Oct 21 10:54 access.log
-rwxrwxrwx 1 root adm 22K Feb 18 2014 access.log.1
-rwxrwxrwx 1 root adm 7.0K Feb 16 2014 access.log.2.gz
-rwxrwxrwx 1 root adm 4.0K Feb 9 2014 access.log.3.gz
-rw------- 1 amministratore amministratore 0 Oct 21 10:32 error.log
-rw-r--r-- 1 root root 1.3G Oct 21 10:57 error.log.1
-rwxrwxrwx 1 root adm 167M Oct 21 10:57 other_vhosts_access.log
-rwxrwxrwx 1 root adm 225K Feb 23 2014 other_vhosts_access.log.1
-rwxrwxrwx 1 root adm 16K Feb 15 2014 other_vhosts_access.log.2.gz
-rwxrwxrwx 1 root adm 3.2K Feb 8 2014 other_vhosts_access.log.3.gz
So what is the right way to proceed?
Should I change the permissions of the /var/log/apache2 directory? (which is now 777) I didn't set these permissions and I don't know if it is correct.
Or should I tell logrotate which user to use for rotation? And how?
628
Use the file /etc/logrotate. conf to change the settings for all your logs. You van change weekly to daily so the logs are rotated every day.
You can check the settings of logrotate , usually in /etc/logrotate. conf . Modern distros have a specific logrotate configuration file in the /etc/logrotate. d directory.
logrotate is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large. Normally, logrotate is run as a daily cron job.
Tells logrotate which command to use when mailing logs. This command should accept two arguments: 1) the subject of the message, and 2) the recipient. The command must then read a message on standard input and mail it to the recipient. The default mail command is /bin/mail -s.
just add su root adm to the config file:
/var/log/apache2/*.log {
# …
su root adm
}
Following the instructions from a Website, I have just changed the logrotate configuration file, adding the requested su directive as follows and now it rotates in the right way.
su <user> <group>
I've got "parent directory has insecure permissions" on attempt to force-rotate syslog.
Here is how I solved it:
cat /etc/logrotate.conf
...
# use the syslog group by default, since this is the owning group
# of /var/log/syslog.
su root syslog
vim /etc/logrotate.d/rsyslog
# Add to top:
su root syslog
logrotate -f /etc/logrotate.d/rsyslog
# No errors now, log is rotated.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
