Help with logrotate and bind

Chris Thompson cet1 at cam.ac.uk
Mon Mar 1 20:45:50 UTC 2010


On Feb 26 2010, Alan Clegg wrote:

>Diosney Sarmiento Herrera wrote:
>
>>    I am trying to rotate my named logfile with logrotate and I
>> configured it as I show:
>
>[...]
>
>This is much more a question for a list that discusses the logrotate
>application than it is to bind-users.  I would recommend, however, that
>you look into the built-in ability of named to roll log files:
>
>        channel general_log {
>                file "logs/general.log" versions 2 size 2m;
>                severity info;
>        };
>
>will keep logs/general.log (current) and a .0 and .1 version of the
>file, all of 2m in size.  When the primary log exceeds this size,
>rolling is automatic.

As it happens, this has become an issue here as well. The context is
Solaris 10_x86 and "logadm" (rather than Linux "logrotate") but the
issues are similar.

We have BIND on our nameservers write notable messages to syslog whose
files are rotated once a week. However, we also have it write more
voluminous retrospectively-informative material to files that are
cycled on size (as above). Some of these (especially query logs) are
turned on only intermittently as operational requirements dictate.

Keeping auditors happy apparently requires that we put an upper limit
on the length of time such logs are retained. (I make no comment on
the sanity of this.) It isn't at all easy to ensure this with BIND's
existing facilities. I have determined that it does open the log
files with O_APPEND, so that one can truncate them while they are
being written. So I could use logadm's -c option:

| -c
| 
|    Rotate the log file by copying  it  and  truncating  the
|    original  logfile  to  zero length, rather than renaming
|    the file.

(which was apparently invented for cycling the totally crappy Solaris
cron log file /var/log/cron). But apart from the obvious window for
losing data, there is also the alarming possibility that BIND might
decide to cycle the log file for size reasons at the same time that
logadm does for timing reasons.

Is there any prospect of BIND providing a rotate-log-file function at
a particular time, or via rndc command?

-- 
Chris Thompson
Email: cet1 at cam.ac.uk
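
Added example, not part of the original message and not code from BIND or logadm: a Python simulation of copy-and-truncate rotation against a writer that keeps its descriptor open. It shows why O_APPEND makes truncation safe and how a line written between the copy and the truncate is lost. The file name and log lines are constructed.

```python
import os
import tempfile

BEFORE = b"before-rotation line\n"   # constructed sample log lines
RACING = b"line written mid-rotation\n"
AFTER = b"after-rotation line\n"

def copy_truncate(path, archive, between=None):
    """Rotate by copying and then truncating the original to zero length."""
    with open(path, "rb") as src, open(archive, "wb") as dst:
        dst.write(src.read())
    if between:
        between()            # the daemon writes inside the copy/truncate window
    os.truncate(path, 0)

def simulate(append, race=False):
    """Return (archive_bytes, live_bytes) after one copy-truncate rotation."""
    flags = os.O_WRONLY | os.O_CREAT | (os.O_APPEND if append else 0)
    with tempfile.TemporaryDirectory() as d:
        live = os.path.join(d, "query.log")   # hypothetical file name
        archive = live + ".0"
        fd = os.open(live, flags, 0o600)      # the daemon's long-lived descriptor
        try:
            os.write(fd, BEFORE * 100)
            racing = (lambda: os.write(fd, RACING)) if race else None
            copy_truncate(live, archive, racing)
            os.write(fd, AFTER)
        finally:
            os.close(fd)
        with open(archive, "rb") as a, open(live, "rb") as l:
            return a.read(), l.read()

if __name__ == "__main__":
    for append in (True, False):
        archive, live = simulate(append)
        print(f"O_APPEND={append}: archive={len(archive)}B live={len(live)}B "
              f"leading NULs={len(live) - len(live.lstrip(bytes(1)))}")
    archive, live = simulate(True, race=True)
    print("racing line kept:", RACING in archive or RACING in live)
```

Without O_APPEND the writer resumes at its old offset, so the truncated file regrows to its former size with a run of NUL bytes in front of the new line.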


