Linode Forum
Linode Community Forums
 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic
Author Message
PostPosted: Sun Dec 16, 2012 10:52 am 
Offline
Senior Member

Joined: Tue Sep 13, 2011 7:13 am
Posts: 67
How do I set logrotate to work for my sites that are in srv/www/* I see some tut here
http://www.debian-administration.org/articles/117 but they talk about basic logs in var/log/*

and seems that i have that setup as there are files like

error.log.1
error.log.2.gz
error.log.3.gz
error.log.4.gz
...


How to make this for sites in srv/www/logs? if possible with some wildcard for all sites?


Top
   
PostPosted: Sun Dec 16, 2012 11:11 pm 
Offline
Senior Member
User avatar

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
You can simply edit the first line of /etc/logrotate.d/apache2 to look something like this:
Code:
/var/log/apache2/*.log /srv/www/logs/*.log {


This will then match and act on all files matching *.log in /srv/www/logs/ in addition to /var/log/apache2/.


Top
   
PostPosted: Sun Dec 16, 2012 11:26 pm 
Offline
Senior Member

Joined: Tue Feb 19, 2008 10:55 am
Posts: 164
if the logs are in separate directories, you can do something like

/var/log/apache2/*.log /srv/www/*/logs/*.log

that will work with

/srv/www/site1.com/logs
/srv/www/site2.com/logs
etc


Top
   
PostPosted: Mon Dec 17, 2012 12:22 pm 
Offline
Senior Member

Joined: Tue Sep 13, 2011 7:13 am
Posts: 67
Thanx People that helped.

One more question, how does log rotate work. How to tell it to delete logs older than one month?


Top
   
PostPosted: Tue Dec 18, 2012 1:08 am 
Offline
Senior Member
User avatar

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
From man logrotate:
Code:
maxage <count>
       Remove rotated logs older than <count> days.  The  age  is  only
       checked if the logfile is to be rotated. The files are mailed to
       the configured address if maillast and mail are configured.


Top
   
PostPosted: Wed Dec 19, 2012 11:47 am 
Offline
Senior Member

Joined: Tue Sep 13, 2011 7:13 am
Posts: 67
so I added this in /etc/logrotate.d/apache2 and since then I have empty var/log/apache2 directory and in /srv/www/my-site/logs/ the same access.log and error.log, what could be wrong, do I need to restart something other than apache?


/var/log/apache2/*.log /srv/www/*/logs/*.log{
weekly
missingok
rotate 52
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
/etc/init.d/apache2 reload > /dev/null
endscript
}


Top
   
PostPosted: Thu Dec 20, 2012 3:01 am 
Offline
Senior Member
User avatar

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
What does "so I added this in /etc/logrotate.d/apache2" mean? What does the full file look like now? (It helps to use [code] tags when posting configuration files.)

What does "since then I have empty var/log/apache2 directory" mean? Were there existing logs in that directory which were deleted? How old were they?

What does "[I have] in /srv/www/my-site/logs/ the same access.log and error.log" mean? Do these files have the same content?

Logrotate is generally run once per day by cron. Look in /etc/cron.daily/ and see if there is a logrotate script there. If so, then logrotate will be run at the same time other daily jobs are run. It is not a service which runs in the background, so does not need to be restarted.


Top
   
PostPosted: Thu Dec 20, 2012 8:16 am 
Offline
Senior Member

Joined: Tue Sep 13, 2011 7:13 am
Posts: 67
Sorry for that post.

1. Yes that was my apache2 file for logrotate made according to suggestions above. (full file, will use code next time)
2. Before I used root user, but since reading a post on forum I disabled a login for it and now i forget to type "sudo" everytime I need something "special" so I did "vi var/log/apache2" and it was empty. Now I see if i add SUDO before it there are log files, so this was the mistake I made. (is there a way I could remove a need for sudo writing for user other than root?)
3.By default logs are created from this I guess

Code:
<VirtualHost *:80>
     ServerAdmin webmaster@example.com
     ServerName example.com
     ServerAlias www.example.com
     DocumentRoot /srv/www/example.com/public_html/
     ErrorLog /srv/www/example.com/logs/error.log
     CustomLog /srv/www/example.com/logs/access.log combined
</VirtualHost>


And when I added the code for logrotate /srv/www/*/logs/*.log, there are still just those 2 files error.log and access.log, and no new ones that would be logrotate files like they are in var/log/*


Top
   
PostPosted: Thu Dec 20, 2012 9:45 pm 
Offline
Senior Member
User avatar

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
OK, I think I understand your question now. Logrotate does not control where applications write their logs. It only rotates files that already exist. So if you have a logrotate configuration that refers to an empty directory, that directory will stay empty.

The Apache config you posted will log activity to /srv/www/example.com/logs/access.log and errors to /srv/www/example.com/logs/error.log. These should be rotated by the apache2 logrotate configuration you posted (although you should make sure there's a space between "/srv/www/*/logs/*.log" and the opening brace). The weekly option means that these logs will be rotated at the beginning of each week. The compress option will compress rotated logs, but delaycompress means that the first rotated log will not be compressed. So after a few weeks, your directory should have files like this:
Code:
access.log
access.log.1
access.log.2.gz
access.log.3.gz
error.log
error.log.1
error.log.2.gz
error.log.3.gz


The rotate 52 option will keep 52 old log files around. You can change this by reducing the number or by adding a maxage option as discussed before.

The locations where logs are written is controlled by your Apache configuration. You should look at the main configuration file and all the virtual host configuration files in /etc/apache2/sites-enabled/ to see where they are logging. This command should show you:
Code:
grep -RE 'CustomLog|ErrorLog|RewriteLog' /etc/apache2/apache2.conf /etc/apache2/sites-enabled/


Edit: If I need to run several commands as root, I usually do sudo su - to get a root shell. You need to be careful while doing this, and very aware of what you're doing while root. Type exit as soon as you are finished the task and you will revert to a normal user.


Top
   
PostPosted: Fri Dec 21, 2012 5:29 pm 
Offline
Senior Member

Joined: Tue Sep 13, 2011 7:13 am
Posts: 67
Thanx Vance, I did miss that space between "{" maybe that made a problem. Will try it. Thanx on explanation.
Also why is it so "dangerous" to be loggged in as root, mostly when i login to VPS is to make some edits as user with all privileges?


Top
   
PostPosted: Sat Dec 22, 2012 3:01 am 
Offline
Senior Member
User avatar

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
marko_roi wrote:
Also why is it so "dangerous" to be loggged in as root

Mainly because root can write to (or delete) any file on the system*. Typos that would be harmless while you are an ordinary user (because you don't have rights to modify important files) can cause great damage if run while root.

Of course, this is yet another argument for having good backups.

*Ignoring things like SELinux and extended attributes.


Top
   
PostPosted: Tue Dec 25, 2012 4:04 pm 
Offline
Senior Member

Joined: Tue Sep 13, 2011 7:13 am
Posts: 67
Lograte now works, but I see that on my site with lots of traffic access.log is 300 mb, how to make this lower? Probably remove .css .jpg and similar from logged in access.log, any chance on helping on that and how to do it?


Top
   
PostPosted: Tue Dec 25, 2012 10:43 pm 
Offline
Senior Member

Joined: Fri Jan 09, 2009 5:32 pm
Posts: 634
Why would you want to remove those from access.log? if you do, you can't do accurate statistical tracking of your site to see where your traffic is going.


Top
   
PostPosted: Tue Dec 25, 2012 11:12 pm 
Offline
Senior Member

Joined: Tue Feb 19, 2008 10:55 am
Posts: 164
marko_roi wrote:
Lograte now works, but I see that on my site with lots of traffic access.log is 300 mb, how to make this lower? Probably remove .css .jpg and similar from logged in access.log, any chance on helping on that and how to do it?


Try rotating your logs every day, ie

Code:
/var/log/apache2/*.log /srv/www/*/logs/*.log {
  daily
  missingok
  rotate 365
  compress
  delaycompress
  notifempty
  create 640 root adm
  sharedscripts
  postrotate
    /etc/init.d/apache2 reload > /dev/null
  endscript
}


I changed weekly to daily, and rotate 52 to rotate 365

Others may froth at the mouth and hurl abuse, but I do all my sysadmin as root, and everything else as an unprivileged normal user.
I use screen (well, byobu now), and leave one window logged in as root for sysadmin, and all other windows are my normal user, which I use to do everything I can in, only switching to the root window when I have to, then switch back when I've finished.

Others will only ever log in as a normal user, and use "sudo command" when they need root. This is definitely more secure, but not necessarily less prone to mistakes, as some will argue. As you get in the habit of sudo blah, it's all muscle memory, after you do it for a few days, you don't even need to think about it. It's just as easy to type sudo rm -rf / as it is to type rm -rf / in a root shell.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group