Solved OpenVPN accounting log (rotate)

[circus78]

Hi, I am using FreeBSD 12.1-RELEASE-p3 as security/openvpn server.
I configured this in order to keep very old data about security/openvpn accesses:

/var/log/openvpn/openvpn.log    root:network    640     72      *       $M1D0   JC

and it works fine.
I would like to log accounting too (I mean: bytes received/bytes sent), and it this is logged in /var/log/openvpn/openvpn-status.log.
The problem is: it seems that such file is re-created every time openvpn(8) service is restarted.
I would like to have it in "append" mode, so I can configure newsyslog to rotate it regularly.
How can I do this?
Thank you

My configuration:

local 192.168.1.100
port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key  # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
remote-cert-tls client

 

[scottro]

In the sample configuration file /usr/local/share/examples/openvpn/sample-config-files/server.conf) you'll see an example.
log-append openvpn.log

That should work.

 

[SirDice]

The problem is: it seems that such file is re-created every time openvpn(8) service is restarted.

Actually, this file is refreshed at timed intervals, it's not a traditional "log" file, it only shows the current status. Similar to how top(1) shows the current status of processes and such. (top(1) is a bad example though, because it has a "batch" mode, but you get the idea).

I would like to have it in "append" mode,

There is no append mode because this is not a log file (in the 'traditional' sense).

 

[circus78]

In the sample configuration file /usr/local/share/examples/openvpn/sample-config-files/server.conf) you'll see an example.
log-append openvpn.log

That should work.

Hi, unfortunaltey, such option is referred to openvpn.log file, which contains authentication data (login, logoff, and so on), but no "accounting" data.
Thank you!

 

[circus78]

Actually, this file is refreshed at timed intervals, it's not a traditional "log" file, it only shows the current status. Similar to how top(1) shows the current status of processes and such. (top(1) is a bad example though, because it has a "batch" mode, but you get the idea).


There is no append mode because this is not a log file (in the 'traditional' sense).

Hi, yes, thank you, I got the idea.
I will arrange some script in order to grab every X seconds infos from openvpn-status.log, and put somewhere!