Description of problem:
When running IPA in debug mode, I found that there is no way to limit the generated log file in the configuration file.

Version-Release number of selected component (if applicable):
ipa-pki-ca-theme-9.0.3-7.el6.noarch        Thu 18 Oct 2012 03:42:40 PM CEST
ipa-pki-common-theme-9.0.3-7.el6.noarch    Thu 18 Oct 2012 03:42:40 PM CEST
krb5-pkinit-openssl-1.10.3-10.el6.x86_64   Wed 26 Jun 2013 11:34:15 AM CEST
pki-ca-9.0.3-30.el6.noarch                 Wed 10 Jul 2013 10:20:12 AM CEST
pki-common-9.0.3-30.el6.noarch             Wed 10 Jul 2013 10:20:11 AM CEST
pki-java-tools-9.0.3-30.el6.noarch         Wed 10 Jul 2013 10:20:10 AM CEST
pki-native-tools-9.0.3-30.el6.x86_64       Wed 10 Jul 2013 10:14:42 AM CEST
pki-selinux-9.0.3-30.el6.noarch            Wed 10 Jul 2013 10:16:00 AM CEST
pki-setup-9.0.3-30.el6.noarch              Wed 10 Jul 2013 10:15:21 AM CEST
pki-silent-9.0.3-30.el6.noarch             Wed 10 Jul 2013 10:20:11 AM CEST
pki-symkey-9.0.3-30.el6.x86_64             Wed 10 Jul 2013 10:20:09 AM CEST
pki-util-9.0.3-30.el6.noarch               Wed 10 Jul 2013 10:20:10 AM CEST

Actual results:
Gigantic log file created

Expected results:
Either a way to limit it or a logrotate setup to rotate the log

Is putting a:

    /var/log/pki-ca/debug /var/log/pki-kra/debug /var/log/pki-ocsp/debug /var/log/pki-ra/debug {
        copytruncate
        weekly
        rotate 5
        notifempty
        missingok
    }

a valid/supported solution? Can we have it included in the product if it is?

We are not planning on fixing this in RHEL 6, but rather in a future version of Dogtag.

As a result of this, I have filed 'https://fedorahosted.org/pki/ticket/814 PKI TRAC Ticket #814 - Provide log rotation for PKI debug logs' which references this bug and states:

    It appears that the PKI debug log facility utilizes a different infrastructure than the other PKI logging facilities which currently provide log rotation. The reason that this logging infrastructure may have differed may have been due to a previous request to insure that a single debug log file could always be run against a 'tail -f' without concern of log roll over. Regardless, however, log rotation should be made an optional feature of the PKI debug log.

Matthew, can we use in the meantime a logrotate script like the one proposed on comment #1?

Thanks,
Pablo

(In reply to Pablo Iranzo Gómez from comment #3)
> Matthew, can we use in the meantime a logrotate script like the one proposed
> on comment #1?
>
> Thanks,
> Pablo

Pablo,

Yes, we discussed this briefly in our CS meeting today, and we believe that the logrotate script should work on the debug file since it is just a normal log file, so feel free to try it out.

However, please be aware that we have not done any testing using the logrotate script, and as we are planning on fixing the debug logging upstream, it is not on any of our roadmaps to provide the use of the logrotate script as a Q/E'd feature of this product.
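
Added example, not part of the bug report or of the PKI code: a shell emulation of what the `copytruncate` directive in the proposed stanza does to a log whose writer never reopens it. The temp paths, the function name `copytruncate_demo`, and the assumption that the writer holds the file open in append mode are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: emulate logrotate's "copytruncate" against a log file
# whose writer keeps one descriptor open and never reopens the file.
# Uses a temp directory, not the real /var/log/pki-*/debug files.
copytruncate_demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/debug"

    # Writer side: open once in append mode and keep the descriptor
    # (assumption: the real writer appends and does not reopen on rotation).
    exec 3>>"$log"
    echo "before rotation" >&3
    inode_before=$(ls -i "$log" | awk '{print $1}')

    # Rotation step 1: copy the current contents to the rotated name.
    cp "$log" "$log.1"
    # Rotation step 2: truncate the original in place; the inode is kept,
    # so the writer's descriptor and any 'tail -f' still point at this file.
    : > "$log"

    # Writer continues on the same descriptor after the rotation.
    echo "after rotation" >&3
    exec 3>&-

    inode_after=$(ls -i "$log" | awk '{print $1}')
    rotated=$(cat "$log.1")
    live=$(cat "$log")
    rm -rf "$dir"

    # The live file must be the same inode, now holding only new data.
    [ "$inode_before" = "$inode_after" ] || return 1
    echo "rotated=[$rotated] live=[$live]"
}

copytruncate_demo
```

Anything the writer appends between the copy and the truncate is discarded, which the logrotate man page documents as a small loss window for `copytruncate`. The stanza itself can be checked without rotating anything by running `logrotate -d` on the file that contains it.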