Red Hat Bugzilla – Bug 500700
TPS logs are not rotated
Last modified: 2015-01-04 18:38:30 EST
- none of the TPS logs are rotated.
- fwiw, log rotation is available as a feature in CA and other subsystems.
could we document logrotate configuration to use operating system feature like usually done for mysql, apache, and so
see man logrotate
httpd example, from /etc/logrotate.d/httpd:
/bin/kill -HUP `cat /var/run/httpd/httpd.pid 2>/dev/null` 2> /dev/null || true
Created attachment 389624 [details]
patch for rolling logs and TPS shutdown if log is full
jmagne, please review
This includes changes to add:
-- log rotation to TPS
-- log expiration thread
-- TPS shuts down if audit log full (BZ 562893)
Attachment (id=389624) +jmagne
Created attachment 389830 [details]
updated patch for rolling logs and TPS shutdown if log is full
updated patch (already +'ed by jmagne)
Checked into 8.1 tip
[builder@goofy-vm4 tps]$ svn ci -m "BZ500700 and BZ562893: tps log rotation and tps shutdown if audit logs full"
Transmitting file data .........
Committed revision 967.
Notes to QE/ Doc
The following parameters have been added to CS.cfg for the TPS (where * is audit, debug or error):
logging.*.file.type: can be LogFile or RollingLogFile
logging.*.rolloverInterval: interval to roll over logs (seconds, 0 to disable)
logging.*.maxFileSize: size at which file rollover occurs, in kB
logging.*.expirationTime: maximum age of log, older unmodified logs are deleted (in seconds, 0 to disable)
If the file type is LogFile, then we have the existing behaviour which is a plain log file that does not roll over or expire.
If the file type is RollingLogFile, then the file will roll over (save the file to <log_file_name>.<date> and start writing in a new file) if:
a) The log file exceeds maxFileSize
b) Every rolloverInterval (assuming the log file is non-empty). Setting rolloverInterval to 0 disables this.
In addition, if expirationTime > 0, then we will look to see if there are any logs that have been rotated (which have a filename of the form <filename>.<date>) and which have not been modified within expiration_time. If so, then the file will have expired and will be deleted.
The default settings for these parameters are shown below:
logging.*.rolloverInterval: 30 days
logging.*.maxFileSize: 2 MB
logging.*.expirationTime: 0 (disabled)
One thing that QE should confirm is that for audit logs, if the log is rolled over, the new log starts with a signature message. In fact, QE should confirm that a series of rolled-over logs are verified correctly using AuditVerify.
Design docs at https://wiki.idm.lab.bos.redhat.com/export/idmwiki/Certificate_System_8.1_Designs#Adding_Rolling_Logs_for_the_TPS
Created attachment 394961 [details]
change to ensure rotated signed audit log starts with a signature
this was mistakenly left out in the checkin ..
jmagne, please review
Attachment (id=394961) +jmagne
[builder@goofy-vm4 tps]$ svn ci -m "BZ500700 - ensure rotated signed audit logs start with a signature"
Transmitting file data .
Committed revision 981.
Tested TPS log files rotation for audit, debug and error log files.
Log files rollover when the log file exceeds maxFileSize and every rolloverInterval.
When the file size is 0 bytes, files are not rolled over.
When the expirationTime > 0, the logs that have been rotated and those that have not been modified within expiration_time are deleted. We have a minor bug https://bugzilla.redhat.com/show_bug.cgi?id=567415, which deletes rotated files that suffix or prefix with any character.
In the case of Signed audit logs, when the log is rolled over, the new log starts with a signature message. Series of rolled over logs are verified using AuditVerify.
Marking this bug verified.
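
The rollover and expiration rules from the QE/Doc notes above, modelled as an added example for checking a retention configuration before it deletes audit evidence. This is not the TPS code from the patch, which is not shown on this page. The YYYYMMDD-HHMMSS date suffix, the 2048 kB reading of the 2 MB default, the names RollingCfg, should_roll and expired, and the sample file names are all assumptions.

```python
import re
from dataclasses import dataclass

# Assumption: rotated files end in a YYYYMMDD-HHMMSS stamp. The page only
# says "<log_file_name>.<date>"; adjust the pattern to the real suffix.
DATE_SUFFIX = re.compile(r"\d{8}-\d{6}")

@dataclass
class RollingCfg:
    file_type: str = "RollingLogFile"     # logging.*.file.type
    rollover_interval: int = 30 * 86400   # logging.*.rolloverInterval (s, 0 = off)
    max_file_size_kb: int = 2 * 1024      # logging.*.maxFileSize (kB; 2 MB as 2048 kB assumed)
    expiration_time: int = 0              # logging.*.expirationTime (s, 0 = off)

def should_roll(cfg, size_bytes, last_roll, now):
    """Return why the active log rolls over now ("size"/"interval"), or None."""
    if cfg.file_type != "RollingLogFile" or size_bytes == 0:
        return None  # plain LogFile never rolls; empty logs are not rolled
    if size_bytes > cfg.max_file_size_kb * 1024:
        return "size"
    if cfg.rollover_interval > 0 and now - last_roll >= cfg.rollover_interval:
        return "interval"
    return None

def expired(cfg, base_name, files, now):
    """files maps name -> mtime; return rotated logs of base_name due for deletion."""
    if cfg.expiration_time <= 0:
        return []
    doomed = []
    for name, mtime in files.items():
        stem, dot, suffix = name.rpartition(".")
        # Strict match on exactly <base_name>.<date>: the active log and names
        # with extra leading or trailing characters are never selected.
        is_rotated = dot == "." and stem == base_name and DATE_SUFFIX.fullmatch(suffix)
        if is_rotated and now - mtime > cfg.expiration_time:
            doomed.append(name)
    return sorted(doomed)

# Constructed sample directory listing (file names and times are made up).
NOW = 1_300_000_000
DAY = 86400
SAMPLE = {
    "tps-audit.log": NOW - 10,
    "tps-audit.log.20100101-120000": NOW - 90 * DAY,
    "tps-audit.log.20100301-120000": NOW - 5 * DAY,
    "tps-audit.log.20100101-120000.bak": NOW - 90 * DAY,
    "xtps-audit.log.20100101-120000": NOW - 90 * DAY,
}

if __name__ == "__main__":
    print(should_roll(RollingCfg(), 3 * 1024 * 1024, NOW, NOW))
    print(expired(RollingCfg(expiration_time=30 * DAY), "tps-audit.log", SAMPLE, NOW))
```

With the default expirationTime of 0 nothing is ever selected for deletion, so rotated audit logs accumulate until an operator sets a retention period.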