Closed troffasky closed 3 years ago
It's ok, I'm not sure why it says syntax error, but it gets executed anyway. If you want manually do a logrotation, you need to add the "--force" switch inside /home/www-data/waf2py_community/applications/Waf2Py/scripts/logrotate
I am going to uncomment line 12 and see what happens overnight.
if you uncomment the "postrotate" block you may break the logs files. They will be rotated but will remains in blank even with a restart of nginx. This was happening because a bug in modsecurity or nginx... I don't remember now.... I had to switch to the option "copytruncate" to solve this. I think is already fixed in those days. I haven't tried yet. Tell me if works!
Here is how it looks like a successfully log rotation:
root@debian:/opt/waf/nginx/var/log/www.climbersoul.com# /bin/bash /home/www-data/waf2py_community/applications/Waf2Py/scripts/logrotate
reading config file /home/www-data/waf2py_community/applications/Waf2Py/logrotation.d/www.climbersoul.com.conf
error: /home/www-data/waf2py_community/applications/Waf2Py/logrotation.d/www.climbersoul.com.conf:13 unexpected log filename
error: found error in /opt/waf/nginx/var/log/www.climbersoul.com/*.log , skipping**
Reading state from file: /var/lib/logrotate/status
Allocating hash table for state file, size 64 entries
Creating new state
Creating new state
Creating new state
`***** SNIPPED *****
considering log /opt/waf/nginx/var/log/www.climbersoul.com/www.climbersoul.com_debug.log
Now: 2020-08-27 18:48
Last rotated at 2020-08-27 18:00
log does not need rotating (log is empty)
considering log /opt/waf/nginx/var/log/www.climbersoul.com/www.climbersoul.com_error.log
Now: 2020-08-27 18:48
Last rotated at 2020-08-27 18:00
log needs rotating
rotating log /opt/waf/nginx/var/log/www.climbersoul.com/www.climbersoul.com_access.log, log->rotateCount is 10
dateext suffix '-20200827'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
/opt/waf/nginx/var/log/www.climbersoul.com/www.climbersoul.com_audit.log.1
truncating /opt/waf/nginx/var/log/www.climbersoul.com/www.climbersoul.com_audit.log
copying /opt/waf/nginx/var/log/www.climbersoul.com/www.climbersoul.com_error.log to /opt/waf/nginx/var/log/www.climbersoul.com/www.climbersoul.com_error.log.1
truncating /opt/waf/nginx/var/log/www.climbersoul.com/www.climbersoul.com_error.log
compressing log with: /bin/gzip
compressing log with: /bin/gzip
compressing log with: /bin/gzip`
Cheers.
OK, rotation worked with lines 10,11,12 uncommented, but there is something slightly odd about access.log - it seems to lag the other log files, then catch up again later... [local time here is 1435]:
root@waf2py-demo:~# ls -al /opt/waf/nginx/var/log/Application_name/ -tr
total 536
drwxr-xr-x 4 www-data www-data 4096 Aug 26 15:06 ..
-rwxr-xr-x 1 www-data www-data 0 Aug 26 15:09 Application_name_debug.log
drwxr-xr-x 2 www-data www-data 4096 Aug 26 15:09 tmp
-rwxr-xr-x 1 www-data www-data 19501 Aug 27 10:01 Application_name_access.log.2.gz
-rwxr-xr-x 1 www-data www-data 20581 Aug 27 11:43 Application_name_error.log.2.gz
-rwxr-xr-x 1 www-data www-data 21183 Aug 27 11:43 Application_name_audit.log.2.gz
-rwxr-xr-x 1 www-data www-data 11679 Aug 27 20:36 Application_name_access.log.1.gz
-rwxr-xr-x 1 www-data www-data 6524 Aug 27 23:33 Application_name_error.log.1.gz
-rwxr-xr-x 1 www-data www-data 9311 Aug 27 23:33 Application_name_audit.log.1.gz
drwxr-xr-x 3 www-data www-data 4096 Aug 28 00:01 .
-rwxr-xr-x 1 www-data www-data 164658 Aug 28 12:52 Application_name_access.log
-rwxr-xr-x 1 www-data www-data 134843 Aug 28 14:28 Application_name_error.log
-rwxr-xr-x 1 www-data www-data 122378 Aug 28 14:28 Application_name_audit.log
Is this the "may break" you were referring to? To be clear, there definitely should be entries in access.log more recent than 12:52 - the real target webserver shows accesses and the error.log/audit.log refers to those accesses.
I am going to comment 10,11,12,13 and see how it runs over the weekend.
it seems to lag the other log files, then catch up again later...
As far as I know, access logs of nginx works like that, first fill the buffer and then write the log file to disk.
Looks like site logs are not being rotated so I have tried running /home/www-data/waf2py_community/applications/Waf2Py/scripts/logrotate manually.
Generated logrotate conf:
Line 13 is /bin/chown which I think causes an error because "endscript" is commented out. I am not a logrotate expert, so I cannot explain why logrotate says it's skipping Application_name/*.log but then carries on and tries to rotate the logs. It says "log has been rotated", but it hasn't, there is only one of each log file. I am going to uncomment line 12 and see what happens overnight.