Help with logrotate and bind
Cathy Almond
cathya at isc.org
Tue Mar 2 14:14:27 UTC 2010
bind-suggest at isc.org ?
I'm not sure how much attention it will get right this moment - it
depends on the persuasiveness of the argument for it, and the number of
folks popping up to say 'yes please, I need it too!'.
But it doesn't on the face of it sound too technically difficult and the
code is already there to 'do the log roll' - it's the control side that
needs more thought and effort (and it would probably have to be
specified by logging channel).
Chris Thompson wrote:
> On Feb 26 2010, Alan Clegg wrote:
>
>> Diosney Sarmiento Herrera wrote:
>>
>>> I am trying to rotate my named logfile with logrotate and I
>>> configured it as I show:
>>
>> [...]
>>
>> This is much more a question for a list that discusses the logrotate
>> application than it is to bind-users. I would recommend, however, that
>> you look into the built-in ability of named to roll log files:
>>
>>     channel general_log {
>>         file "logs/general.log" versions 2 size 2m;
>>         severity info;
>>     };
>>
>> will keep logs/general.log (current) and a .0 and .1 version of the
>> file, all of 2m in size. When the primary log exceeds this size,
>> rolling is automatic.
>
> As it happens, this has become an issue here as well. The context is
> Solaris 10_x86 and "logadm" (rather than Linux "logrotate") but the
> issues are similar.
>
> We have BIND on our nameservers write notable messages to syslog whose
> files are rotated once a week. However, we also have it write more
> voluminous retrospectively-informative material to files that are
> cycled on size (as above). Some of these (especially query logs) are
> turned on only intermittently as operational requirements dictate.
>
> Keeping auditors happy apparently requires that we put an upper limit
> on the length of time such logs are retained. (I make no comment on
> the sanity of this.) It isn't at all easy to ensure this with BIND's
> existing facilities. I have determined that it does open the log
> files with O_APPEND, so that one can truncate them while they are
> being written. So I could use logadm's -c option:
>
> | -c
> |     Rotate the log file by copying it and truncating the
> |     original logfile to zero length, rather than renaming
> |     the file.
>
> (which was apparently invented for cycling the totally crappy Solaris
> cron log file /var/log/cron). But apart from the obvious window for
> losing data, there is also the alarming possibility that BIND might
> decide to cycle the log file for size reasons at the same time that
> logadm does for timing reasons.
>
> Is there any prospect of BIND providing a rotate-log-file function at
> a particular time, or via rndc command?
>
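
The copy-and-truncate window and the O_APPEND point raised in the quoted message, as an added example that is not part of the original thread: a Python writer stands in for named, and the file names and log lines are constructed. It shows only the data-loss window and what O_APPEND changes after truncation, not a simultaneous size-based roll by BIND.

```python
import os
import shutil
import tempfile

def copytruncate_demo(append):
    """Run copy-then-truncate against a writer that keeps its fd open.

    Returns (rotated_copy, live_file, lost_lines) as bytes / list of bytes.
    """
    workdir = tempfile.mkdtemp()
    live = os.path.join(workdir, "general.log")   # constructed path
    rotated = live + ".copy"                      # what the rotation tool keeps
    flags = os.O_WRONLY | os.O_CREAT | (os.O_APPEND if append else 0)
    fd = os.open(live, flags, 0o600)              # stand-in for named's log fd
    written = [b"line1", b"line2", b"line3", b"line4"]
    try:
        os.write(fd, b"line1\nline2\n")
        shutil.copyfile(live, rotated)            # rotation step 1: copy
        os.write(fd, b"line3\n")                  # arrives inside the window
        os.truncate(live, 0)                      # rotation step 2: truncate
        os.write(fd, b"line4\n")                  # first write after rotation
    finally:
        os.close(fd)
    with open(rotated, "rb") as f:
        rot = f.read()
    with open(live, "rb") as f:
        cur = f.read()
    shutil.rmtree(workdir)
    # A line is lost if it survives in neither the copy nor the live file.
    kept = set((rot + cur).replace(b"\x00", b"").split(b"\n"))
    lost = [line for line in written if line not in kept]
    return rot, cur, lost

if __name__ == "__main__":
    for append in (True, False):
        rot, cur, lost = copytruncate_demo(append)
        print(f"O_APPEND={append}: copy={rot!r} live={cur!r} lost={lost}")
```

With O_APPEND the live file restarts cleanly at offset 0 after truncation; without it the writer keeps its old offset and the file begins with a run of NUL bytes. In both cases the line written between the copy and the truncate is gone.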