Question regarding newsyslog.conf and Bind logs

J Doe general at nativemethods.com
Thu Aug 25 21:07:54 UTC 2022


On 2022-08-25 16:46, Richard T.A. Neal wrote:

> Hi J,
> 
> I'm coming a little late to the party on this one and I think you might struggle to do rotation based on both date/time *and* file size, but I use logrotate to rotate all of my BIND logs daily, keeping 31 days of logs. And you'll see that one of the last things that logrotate does is to call [rndc reconfig] which causes BIND to generate fresh log files in place of the rotated ones.
> 
> My BIND logging itself is set up based largely on the configuration described here:
> https://kb.isc.org/docs/aa-01526
> 
> My logrotate.conf file then looks like the following, which itself is based on this:
> https://ixnfo.com/en/logrotate-bind9.html
> 
> #-----------------------------------------
> # RTAN BIND 9 daily log rotation
> #
> # Note that the log file won't rotate until at least one day AFTER you set this for the first time.
> # Eg if you create this file on a Wednesday then they won't rotate for the first time until THURSDAY night:
> # https://serverfault.com/questions/375004/logrotate-not-rotating-the-logs
> #-----------------------------------------
> 
> /var/log/named/*.log
> {
>    olddir /var/log/named/archived
>    compress
>    create 0644 bind bind
>    daily
>    dateext
>    missingok
>    notifempty
>    rotate 31
>    sharedscripts
>    postrotate
>      /usr/sbin/rndc reconfig > /dev/null 2>/dev/null || true
>    endscript
> }
> #-----------------------------------------
> 
> Best,
> Richard.

Hi Richard,

Thank you for your reply.  I am not attempting to configure the server 
so that rotation is based on size *and* time.  The size configuration in 
the logging stanza was more to put an upper limit on a log *before* it 
is rotated.  I could drop the parts that mention 2 versions and 
incrementing the filename and just keep: size 1G.

Let's say it's an extremely busy day and my Bind recursive resolver logs 
are getting really big.  I want the maximum size a day's logs can be 
*before* they are compressed to be 1G.  I am aware that if the server is 
still under heavy load that queries past that point will not be logged.

Then, at the end of the day, newsyslog compresses the logs and rotates 
them so that I keep 7 days' worth of compressed logs.

The logrotate your example uses looks good, but I'm on a very minimal 
OpenBSD 7.1 host.  I could add the logrotate package, but newsyslog is 
in the base system and I already use it for doing the same kind of log 
rotation for my firewall logs, so I was hoping to stick to newsyslog.

The postrotate directive in the logrotate example you sent me was what I 
was basing my newsyslog config on, as it uses rndc and not pkill SIGHUP.

I am assuming it would work with newsyslog, or am I incorrect about that?

Thanks again,

- J

