Bug #3237
ipsec.log not rotated
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-ipsec | |||
Target version: | v6.6 | |||
Security class: | Resolution: | |||
Affected version: | v6.6 | NEEDINFO: | No |
Description
A logrotate fragment to handle ipsec.log seems to be missing.
ipsec.log grows indefinitely.
Associated revisions
Add ipsec log rotation. Refs #3237
History
#1 Updated by Filippo Carletti almost 6 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#2 Updated by Filippo Carletti almost 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Filippo Carletti
- % Done changed from 20 to 30
#3 Updated by Filippo Carletti almost 6 years ago
I think that a simple logrotate config file should be enough. I did a test and it worked, but maybe we need to wait a week for a full log rotation.
# cat /etc/logrotate.d/ipsec /var/log/ipsec.log { copytruncate compress }
#4 Updated by Filippo Carletti almost 6 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Filippo Carletti) - % Done changed from 30 to 60
#5 Updated by Filippo Carletti almost 6 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
- nethserver-ipsec-1.1.0-1.2.g3a409b8.ns6.noarch.rpm
Test case:
on a system where /var/log/ipsec.log contains data, upgrade the package and force a log rotation:
logrotate -f /etc/logrotate.conf
Or wait next week for automatic log rotation.
You should find two files:
/var/log/ipsec.log
/var/log/ipsec.log-201508XX (date)
Also:
# fuser -v /var/log/ipsec.log USER PID ACCESS COMMAND /var/log/ipsec.log: root 9484 F.... rsyslogd
#6 Updated by dz0 0te almost 6 years ago
- Assignee set to dz0 0te
#7 Updated by dz0 0te almost 6 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
dz0 0te) - % Done changed from 70 to 90
System and Package Version installed
VM KVM - Clean install of Nethserver 6.6 fully updated
Package Installed: nethserver-ipsec-1.1.0-1.ns6.noarch
Other Package installed: Basic Firewall, VPN
Test Original Problem
Enabled a fake ipsec tunnel to generate logs
set manually date +10 days
executed
run-parts /etc/cron.daily/
no logrotate of ipsec.log
Install Updated Package
yum --enablerepo=nethserver-testing update nethserver-ipsec-1.1.0-1.2.g3a409b8.ns6
Test Results after update
Test case 1:
repeat the test pre-upgrade, now log rotation works correctly
Test case 2:
manually launch of
logrotate -f /etc/logrotate.conf
also correctly create new logrotated files
# fuser -v /var/log/ipsec.log USER PID ACCESS COMMAND /var/log/ipsec.log: root 1018 F.... rsyslogd
Verified or Reopen
Verified
Note
...
#8 Updated by Davide Principi almost 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates/6.6
nethserver-ipsec-1.1.1-1.ns6.noarch.rpm