Log rotation (again)

John Horne J.Horne at plymouth.ac.uk
Tue Apr 25 14:36:25 UTC 2000 

Hello,

Okay, I think I am still a bit stuck with this. At present we regenerate our
zone files each night of the working week. This is automatically reloaded
using ndc in the morning via cron. The program building the zone files does
some checking of consistency etc, but we also use the 'swatch' program to
continuously monitor the BIND log files. We have configured BIND to produce
seperate panic, misc and zones log files. These are monitored basically to
ensure that the zones do reload each morning and that none of the secondary
zones expire.

Using BIND 8.1 this was not really a problem since we configured BIND with
the 'versions' option in the logging section. At each reloading (i.e. each
morning) a new log file would be created; we could then HUP the swatch
processes and these would see the new log file (we also told it to look back
at the beginning of the log just to make sure that nothing sneaked in
between the ndc reload and swatch being HUP'ed).

With 8.2.2 things changed. You cannot use the 'versions' option on its own
but have to use 'size' as well. With this, if a size is set then the log
files are not rotated until the file hits that size (regardless of any ndc
reload). We don't want too small a size, nor too big, but regardless of that
we have no control over *when* the files are rotated. As such it is possible
that swatch will miss something because it is looking at the wrong file(s).

If I set a size of 'default' then something strange happens. I don't know
what the 'default' is, but at present the log files are rotating after about
100 bytes - as of this morning they have rotated twice already.

So, what do other people do? Do others monitor the log files or not, and if
so then how? Do others have a way of controlling when the files were rotated
like with version 8.1? Does anyone else use swatch to monitor the log files?
If not, then what do you do when the zone doesn't load (i.e. do you actively
look for this sort of thing rather than waiting for it to be noticed), and
what about when a zone expires?

One possibility is to abandon BIND's log file handling and to get it to just
create a log file, then use swatch to monitor it and logrotate (this has
been ported from linux to Solaris 2.6 and we run it successfully under
Solaris 7 and 8) to deal with the log rotation. This will work, but I would
rather use BIND's own facilities.

I have checked through the archives about this, and there seems to be
several people who have noticed the change in functionality, all seem to
want it to return to 'the old way' (i.e. were 'versions' worked on its own),
but no reason as to why the code was changed in the first place.

Thanks for any help,

John.

--------------------------------------------------------------------------
John Horne, University of Plymouth, UK             Tel: +44 (0)1752 233914
E-mail: jhorne at plymouth.ac.uk
Finger for PGP key: john at jhorne.csd.plymouth.ac.uk

More information about the bind-users mailing list