Bug #3237

ipsec.log not rotated

Added by Filippo Carletti about 6 years ago. Updated almost 6 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-ipsec
Target version: v6.6
Security class:
Resolution:
Affected version: v6.6
NEEDINFO: No

Description

A logrotate fragment to handle ipsec.log seems to be missing.
ipsec.log grows indefinitely.

Associated revisions

Revision 3a409b85
Added by Filippo Carletti almost 6 years ago

Add ipsec log rotation. Refs #3237

History

#1 Updated by Filippo Carletti almost 6 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#2 Updated by Filippo Carletti almost 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Filippo Carletti
  • % Done changed from 20 to 30

#3 Updated by Filippo Carletti almost 6 years ago

I think that a simple logrotate config file should be enough. I did a test and it worked, but maybe we need to wait a week for a full log rotation.

# cat /etc/logrotate.d/ipsec 
/var/log/ipsec.log {
    copytruncate
    compress
}

#4 Updated by Filippo Carletti almost 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Filippo Carletti)
  • % Done changed from 30 to 60

#5 Updated by Filippo Carletti almost 6 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

Package available in nethserver-testing:
  • nethserver-ipsec-1.1.0-1.2.g3a409b8.ns6.noarch.rpm

Test case:
on a system where /var/log/ipsec.log contains data, upgrade the package and force a log rotation:

logrotate -f /etc/logrotate.conf

Or wait until next week for automatic log rotation.
You should find two files:
/var/log/ipsec.log
/var/log/ipsec.log-201508XX (date)
Also:
# fuser -v /var/log/ipsec.log
                     USER        PID ACCESS COMMAND
/var/log/ipsec.log:  root       9484 F.... rsyslogd

#6 Updated by dz0 0te almost 6 years ago

  • Assignee set to dz0 0te

#7 Updated by dz0 0te almost 6 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (dz0 0te)
  • % Done changed from 70 to 90

System and Package Version installed
VM KVM - Clean install of Nethserver 6.6 fully updated
Package Installed: nethserver-ipsec-1.1.0-1.ns6.noarch
Other Package installed: Basic Firewall, VPN

Test Original Problem
Enabled a fake ipsec tunnel to generate logs
manually set the date to +10 days
executed

run-parts /etc/cron.daily/

no logrotate of ipsec.log

Install Updated Package

yum --enablerepo=nethserver-testing update nethserver-ipsec-1.1.0-1.2.g3a409b8.ns6

Test Results after update
Test case 1:
repeat the test pre-upgrade, now log rotation works correctly

Test case 2:
manually launching

logrotate -f /etc/logrotate.conf

also correctly creates new logrotated files

# fuser -v /var/log/ipsec.log
                     USER        PID ACCESS COMMAND
/var/log/ipsec.log:  root       1018 F.... rsyslogd

Verified or Reopen
Verified

Note
...

#8 Updated by Davide Principi almost 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates/6.6
nethserver-ipsec-1.1.1-1.ns6.noarch.rpm
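
The original problem in this issue, a log file that no logrotate fragment covers, can be checked for across a whole log directory. The script below is an added example, not part of the issue or of nethserver-ipsec; the function names and the simplified stanza parsing are assumptions, and the demo files are constructed.

```shell
#!/bin/sh
# Added example: list log files that no logrotate stanza covers.
# Simplified parser (assumption): stanza paths are the "/" tokens outside { }.

# Print every path or glob that opens a stanza in the given config files.
rotated_patterns() {
    awk '
        { sub(/#.*/, "") }                     # drop comments
        depth == 0 {
            if ($1 !~ /^["\/{]/) next          # global directive, not a stanza
            for (i = 1; i <= NF; i++) {
                tok = $i
                brace = index(tok, "{")
                if (brace) tok = substr(tok, 1, brace - 1)
                gsub(/"/, "", tok)             # paths may be quoted
                if (substr(tok, 1, 1) == "/") print tok
                if (brace) { depth = 1; break }
            }
            next
        }
        $1 == "}" { depth = 0 }                # stanza closes on its own line
    ' "$@"
}

# Print each *.log file directly under LOGDIR that no stanza path matches.
# usage: unrotated_logs LOGDIR CONFIG_FILE...
unrotated_logs() {
    logdir=$1; shift
    patterns=$(rotated_patterns "$@")
    for f in "$logdir"/*.log; do
        [ -f "$f" ] || continue
        covered=no
        while IFS= read -r p; do
            case $f in $p) covered=yes; break ;; esac
        done <<EOF
$patterns
EOF
        [ "$covered" = yes ] || printf '%s\n' "$f"
    done
}

# Constructed demo: ipsec.log has no fragment, messages.log has one.
demo() {
    d=$(mktemp -d) && mkdir "$d/log" "$d/conf" || return 1
    : > "$d/log/ipsec.log"; : > "$d/log/messages.log"
    printf '%s {\n    weekly\n}\n' "$d/log/messages.log" > "$d/conf/syslog"
    unrotated_logs "$d/log" "$d/conf"/*
    rm -rf "$d"
}
demo
```

On a real system the call would be `unrotated_logs /var/log /etc/logrotate.conf /etc/logrotate.d/*`; shell `case` matching lets `*` cross `/`, which logrotate's own globbing does not, so patterns with wildcards may be reported as covering slightly more than they do.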
