On September 20, 2012 7:01 , "Esmond Pitt" <esmond.pitt@xxxxxxxxxxx> wrote:
Sorry, can't wait till the end of the month to experiment with this. It occurred to me that I would like to organize my log files by year and month in directories. Does rotatelogs create intermediate directories if they don't exist?
Cronolog will do this, see http://cronolog.org/ I like cronolog because:- You never have to signal httpd to re-open log files. New logs are created automatically. - No need for cron jobs unless you want to delete old log files after some period of time. - Logs are written directly to their long-term filename; files do not get renamed. - cronolog maintains symbolic links to the latest logs so that they can be accessed without needing to deal with the directory structure or dates. - cronolog runs as a non-root user separate from the user that httpd runs as, which helps keep logs secure while minimizing potential vulnerabilities.
- More flexibility in log naming than rotatelogs.I recommend downloading "cronolog 1.7 beta with the jumbo patch applied", which you can get from http://cronolog.org/patches/index.html This has worked well for me in production for years now, and it has significantly more features than cronolog 1.6.2.
cronolog works well with SELinux if you add the following local policy:
policy_module(cronolog, 1.0)
require {
type httpd_log_t;
type httpd_t;
class lnk_file { create unlink };
class dir { remove_name };
}
allow httpd_t httpd_log_t:lnk_file { create unlink };
allow httpd_t httpd_log_t:dir { remove_name };
When I have the time -- hopefully later this year -- I'd like to write a
complete SELinux policy module for cronolog so that it doesn't get all
of the extra access that httpd has, as it does now.
-- Mark Montague mark@xxxxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|