FIX: Ensure closing log files on reload

certtools / intelmq

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

https://docs.intelmq.org/latest/

GNU Affero General Public License v3.0

976 stars 297 forks source link

FIX: Ensure closing log files on reload #2435

Closed kamil-certat closed 11 months ago

kamil-certat commented 11 months ago

During the reloading process, log handlers are not explicitly closed. This may cause long living open file handlers and keeping cached files in the memory. If log files are big, the RAM cache usage can be very high.

kamil-certat commented 11 months ago

BTW: just to clearly justify, why it's needed:

On a long-running machine without the change:

$ lsof -u intelmq | grep /var/log | wc -l
1338

$ lsof -u intelmq | grep /var/log | grep deleted | wc -l
1129

More than 1000 of opened file descriptors to deleted log files, hold by IntelMQ.

On the machine with the change, there is not a single one.