Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
i got a physical machine and the rest are VMs. Most of my VMs have /var/log/lastlog at the 11g
i could not find a logrotate config for lastlog in /etc
i found references online to placing a logrotate config for last log into logrotate.conf . however, those same references state this config has been in rhel for ages. this might be a regression
kvm : -rw-r--r--. 1 root root 285K Oct 15 23:56 /var/log/lastlog
ipa : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 11G Oct 12 04:52 /var/log/lastlog
zenoss : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 11G Oct 15 23:45 /var/log/lastlog
docker : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 285K Oct 12 04:57 /var/log/lastlog
gitlab : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 11G Oct 15 23:37 /var/log/lastlog
jenkins : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 11G Oct 12 03:26 /var/log/lastlog
spacewalk : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 11G Oct 12 04:58 /var/log/lastlog
cachet : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 11G Oct 12 04:49 /var/log/lastlog
i also viewed the log on a couple of VMs and they had entries from nov 2015 and aug 2015 respectively
-------
NOTE:
while wrtiing this up, and to collect data, i logged into the docker vm which only has 285K size.
i normally log in by root. this time, i did an su to my user and then checked the size.
this is what i found:
[marafa.EGIT] ➤ ./multissh.sh ls -lh /var/log/lastlog
ipa : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 11G Oct 12 04:52 /var/log/lastlog
zenoss : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 11G Oct 15 23:45 /var/log/lastlog
docker : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 11G Oct 16 00:08 /var/log/lastlog
gitlab : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 11G Oct 15 23:37 /var/log/lastlog
jenkins : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 11G Oct 12 03:26 /var/log/lastlog
spacewalk : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 11G Oct 12 04:58 /var/log/lastlog
cachet : X11 forwarding request failed on channel 0
-rw-r--r--. 1 root root 11G Oct 12 04:49 /var/log/lastlog
i am using free IPA 4.2
Version-Release number of selected component (if applicable):
[root@ipa ~]# rpm -qa |grep -i ipa
ipa-python-4.2.0-15.0.1.el7.centos.19.x86_64
python-iniparse-0.4-9.el7.noarch
sssd-ipa-1.13.0-40.el7_2.12.x86_64
ipa-client-4.2.0-15.0.1.el7.centos.19.x86_64
ipa-server-4.2.0-15.0.1.el7.centos.19.x86_64
libipa_hbac-1.13.0-40.el7_2.12.x86_64
ipa-admintools-4.2.0-15.0.1.el7.centos.19.x86_64
ipa-server-dns-4.2.0-15.0.1.el7.centos.19.x86_64
python-libipa_hbac-1.13.0-40.el7_2.12.x86_64
How reproducible:
everytime
Steps to Reproduce:
1. register client to freeipa
2. login to client as a user
3. check size
Actual results:
last log is 11g
Expected results:
last log should not be over half a gig. and it should be rotated monthly
Additional info:
If you do not have any entry for /var/log/lastlog in logrotate's configuration, it will not be rotated. Are you saying that the entry used to be included on a default RHEL-7 installation? If yes, which package provided it?
In any case, logrotate works as designed.
I am switching the component to ipa then.
Did you try to check the size by du(1) instead of ls(1)?
If ls shows big size just because the file is sparse, this is likely NOTABUG.
From man 8 lastlog:
NOTE
The lastlog file is a database which contains info on the last login of each user. You should not rotate it. It is a sparse file, so its size on the disk is usually much smaller than the one shown by "ls -l" (which can indicate a really big file if you have in passwd users with a high UID). You can display its real size with "ls -s".
IPA server creates ID range starting from random number by default during installation. You can use --idstart (and --idmax) to override this. This means that there's quite high chance that IPA users will have high UIDs and lastlog will appear to take huge amount of disk space.