Enable log rotation

[henry-spanka]

It wouldd be nice to rotate the fastnetmon log every day or so. My log file is now 55.000 lines big ;)

[craig]

Can't you just use logrotate?

[pavel-odintsov]

We need some option from FastNetMon side for reopening log file.

[pavel-odintsov]

But all other tasks should be implemented with logrotate :)

[pavel-odintsov]

We have two approaches:

• Execute log rotation with logrotate but in this case we need some way to poke fastnetmon for reopening log file. But fastnetmon uses really huge amount of threads and it's a bit complex
• Execute log rotation from FastNetMon side with RollingFileAppender: http://log4cpp.sourceforge.net/api/classlog4cpp_1_1RollingFileAppender.html#_details or DailyRollingFileAppender.cpp (will be available in log4cpp 1.1.2rc)

I prefer second option because log4cpp offer bundled thread safety:

3.2. Is log4cpp thread-safe? The same instance of the log4cpp::Category object (a logger) can be used from different threads simultaneously without explicit synchronization. Concurrent access to the appenders will be prevented by the logger object itself. It will lock internal mutex each time when it comes to writing into appenders. So, it is safe, for example, to write from the multiple threads to the same logger which appends to the same file. Although, log4cpp is configured in such a way that two different loggers append to the same appender (it may be a file), then there will be no way for the logging framework to arrange proper addition and things can get mixed up. So this way of configuration is not recommended.

And DailyRollingFileAppender do logrotation job perfectly: 1) We could automatically create new log file each day 2) We could remove older files (more than X total log files count)

[kostyana]

Pavel, it is "normal" workaround - just restart fastnetmon after logrotate has done his job?

/var/log/fastnetmon/*.log
{
        rotate 12
        weekly
        missingok
        notifempty
        compress
        delaycompress
        sharedscripts
        postrotate
            /usr/sbin/service fastnetmon restart > /dev/null
        endscript
}

[pavel-odintsov]

Hello!

Yes, that's fine. You can do it. Please check that you have netflow template cache enabled (sudo fcli show main netflow_templates_cache) to avoid traffic drops.

On Wed, Feb 6, 2019 at 11:24 AM kostyana notifications@github.com wrote:

Pavel, it is "normal" workaround - just restart fastnetmon after logrotate has done his job?

/var/log/fastnetmon/*.log { rotate 12 weekly missingok notifempty compress delaycompress sharedscripts postrotate /usr/sbin/service fastnetmon restart > /dev/null endscript }

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/pavel-odintsov/fastnetmon/issues/421#issuecomment-460989571, or mute the thread https://github.com/notifications/unsubscribe-auth/ACnfZin_Vz1NchVlf_v7SdbQytA_zM-pks5vKrtzgaJpZM4GDN35 .

-- Sincerely yours, Pavel Odintsov

[cullorblind]

Logrotate can also do a copy/truncate without changing the inode of the original file. No need to bounce the service.

/var/log/fastnetmon/*.log
{
    rotate 6
    daily
    missingok
    copytruncate
    notifempty
    delaycompress
}

[pavel-odintsov]

Great! Thank you for sharing this advice!

[pavel-odintsov]

We've added file for logrotate: https://github.com/pavel-odintsov/fastnetmon/blob/master/src/fastnetmon_logrotate