newsyslog problem

[ddaas]

Hi there,
I'am using newsyslog to rotate logs on my freebsd server.
There are some problem and I don't know why is that.
Here is the content of newsyslog.conf

# logfilename          [owner]    mode count size when  flags [/pid_file] [sig_num]
/var/log/auth.log                       600  10    1000  *     C
/var/log/console.log                    600  5     1000  *     C
/var/log/cron                           600  5     1000  *     C
/var/log/debug.log                      600  7     1000  *     C
/var/log/maillog                        600  10    3000  *     C
/var/log/messages                       600  10    1000  *     C
/var/log/monthly.log                    600  10    *    $M1D0  N
/var/log/pflog                          600  5     1000  *     B    /var/run/pflogd.pid
/var/log/weekly.log                     600  5     1    $W6D0  N
/var/log/wtmp                           600  5     *    @01T05 B
/var/log/xferlog                        600  10    1000   *     C
/var/log/apache/*                       600  10    1000   *     GCB   /var/run/httpd.pid        30
/var/log/dovecot*                       600  10    1000   *     GCB   /var/run/dovecot/master.pid
/var/log/named.log                      600  10    1000   *     GCB   /var/run/syslog.pid
/var/log/mysqld.log                     600  10    1000   *     GBC   /var/db/mysql/softexp.pid 
/var/log/clamav/clamd.log               600  10    500    *     GBC   /var/run/clamav/clamd.pid
/var/log/clamav/freshclam.log           600  10    500    *     GBC   /var/run/clamav/freshclam.pid

1. /var/log/named.conf is not rotated at all
I am logging with bind in the following way (from named.conf)

logging {
        channel my_syslog {
                syslog local1;
                severity info;
        };

        category queries { my_syslog; };
        category default { my_syslog; };
};

2. The log file for postfix is /var/log/maillog
It is not rotated correctly. maillog becomes maillog.0 and postfix continues to write in maillog.0.
The message in maillog is:
Feb 27 18:55:00 softexp newsyslog[18308]: logfile turned over due to size>3000K
So in my opinion it as a problem with postfix restart. The inode number remains the same so it continues to write in the same file witch has now another name.
Any Idea how can I solve it?

Thanks

 

[mickey]

1. /var/log/named.conf is not rotated at all

2. The log file for postfix is /var/log/maillog
It is not rotated correctly. maillog becomes maillog.0 and postfix continues to write in maillog.0.

1. You need to have syslog write the channel local1 (where bind writes log output to) into the file /var/log/named.log. To do this, add the following line to your /etc/syslog.conf:
   

   local1.*                    /var/log/named.log

   Then create the file /var/log/named.log and activate the changes by sending the syslogd process a HUP signal, i.e. 'killall -HUP syslogd'.
   
2. If postfix writes to the logfile directly, rather than using syslog, than you need to add the path to the postfix process ID file to the maillog line of your newsyslog.conf file. This way newsyslog will send a HUP signal to the postfix process each time the logfile is rotated. You should consult your postfix manual and newsyslog.conf(5) for details. I've seen programs which use other signals than HUP for such purposes. If that is the case with postfix, you can specify the signal which newsyslog shall send to the process right after the PID file.

 

[ddaas]

I think my setup is exactly like you said.
In /etc/syslog.conf I have:

local1.info                                             /var/log/named.log

In /etc/newsyslog I have:

 /var/log/named.log                      600  10    1000   *     GCB   /var/run/syslog.pid

and

/var/log/maillog                        600  10    3000  *     C        /var/spool/postfix/pid/master.pid

This pid files are correct.
Maybe I should send a specific signal?

 

[mickey]

Regarding your named logs:

• You do not need to specify '/var/run/syslogd.pid' within the newsyslog.conf file, as it is the default to send a HUP signal to the syslogd process when no PID file is specified, and the 'N' flag is not present.
• In your named.conf logging configuration, you have already specified to only log messages of severity 'info' or above, so using 'local1.info' in syslog.conf should not be necessary, rather use 'local1.*'. This way you avoid having to change it in two places.
• Why do you use flags 'GCB' for named.log? The file format surely is not binary, and the filename is no shell pattern. So you should use something more appropriate like 'JC'.

I really would encourage you to read through the manual page for newsyslog.conf to get a basic understanding, of what these flags do, and when to actually use them.

As I am not using postfix, I can only give you limited advice regarding your postfix log rotate problem. But my assumption would be, that postfix logs through syslog using the 'mail' facility, as is described here: http://www.postfix.org/BASIC_CONFIGURATION_README.html#syslog_howto

So you should have something like this in your /etc/syslog.conf file:

mail.info                                               /var/log/maillog

And in /etc/newsyslog.conf:

/var/log/maillog                        640  7     *    @T00  JC