Help with logrotate and bind

Cathy Almond cathya at isc.org
Tue Mar 2 14:14:27 UTC 2010


bind-suggest at isc.org ?

I'm not sure how much attention it will get right this moment - it
depends on the persuasiveness of the argument for it, and the number of
folks popping up to say 'yes please, I need it too!'.

But it doesn't on the face of it sound too technically difficult and the
code is already there to 'do the log roll' - it's the control side that
needs more thought and effort (and it would probably have to be
specified by logging channel).

Chris Thompson wrote:
> On Feb 26 2010, Alan Clegg wrote:
> 
>> Diosney Sarmiento Herrera wrote:
>>
>>>    I am trying to rotate my named logfile with logrotate and I
>>> configured it as I show:
>>
>> [...]
>>
>> This is much more a question for a list that discusses the logrotate
>> application than it is to bind-users.  I would recommend, however, that
>> you look into the built-in ability of named to roll log files:
>>
>>        channel general_log {
>>                file "logs/general.log" versions 2 size 2m;
>>                severity info;
>>        };
>>
>> will keep logs/general.log (current) and a .0 and .1 version of the
>> file, all of 2m in size.  When the primary log exceeds this size,
>> rolling is automatic.
> 
> As it happens, this has become an issue here as well. The context is
> Solaris 10_x86 and "logadm" (rather than Linux "logrotate") but the
> issues are similar.
> 
> We have BIND on our nameservers write notable messages to syslog whose
> files are rotated once a week. However, we also have it write more
> voluminous retrospectively-informative material to files that are
> cycled on size (as above). Some of these (especially query logs) are
> turned on only intermittently as operational requirements dictate.
> 
> Keeping auditors happy apparently requires that we put an upper limit
> on the length of time such logs are retained. (I make no comment on
> the sanity of this.) It isn't at all easy to ensure this with BIND's
> existing facilities. I have determined that it does open the log
> files with O_APPEND, so that one can truncate them while they are
> being written. So I could use logadm's -c option:
> 
> | -c
> |    Rotate the log file by copying it and truncating the
> |    original logfile to zero length, rather than renaming
> |    the file.
> 
> (which was apparently invented for cycling the totally crappy Solaris
> cron log file /var/log/cron). But apart from the obvious window for
> losing data, there is also the alarming possibility that BIND might
> decide to cycle the log file for size reasons at the same time that
> logadm does for timing reasons.
> 
> Is there any prospect of BIND providing a rotate-log-file function at
> a particular time, or via rndc command?
> 
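
Added example, not part of the original thread and not BIND or logadm code: a small Python demonstration of the two behaviours discussed above, namely why O_APPEND makes truncate-in-place rotation workable and where the copy-then-truncate window loses data. The file name and log lines are constructed, and a POSIX system is assumed.

```python
import os
import tempfile


def write_after_truncate(append):
    """Writer logs a line, a rotator truncates the file, the writer logs again.

    Returns the final file contents so the effect of O_APPEND is visible.
    """
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "query.log")  # constructed file name
        flags = os.O_WRONLY | os.O_CREAT | (os.O_APPEND if append else 0)
        writer = os.open(path, flags, 0o600)
        try:
            os.write(writer, b"query one\n")
            os.truncate(path, 0)  # what a copy-and-truncate rotator does
            os.write(writer, b"query two\n")
        finally:
            os.close(writer)
        with open(path, "rb") as f:
            return f.read()


def copy_truncate_race():
    """A line logged between the rotator's copy and its truncate is lost.

    Returns (archived copy, live file) after one rotation.
    """
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "query.log")  # constructed file name
        writer = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
        try:
            os.write(writer, b"query one\n")
            with open(path, "rb") as f:       # rotator step 1: copy
                archived = f.read()
            os.write(writer, b"query two\n")  # daemon logs inside the window
            os.truncate(path, 0)              # rotator step 2: truncate
            os.write(writer, b"query three\n")
        finally:
            os.close(writer)
        with open(path, "rb") as f:
            return archived, f.read()


if __name__ == "__main__":
    print("O_APPEND writer:   ", write_after_truncate(True))
    print("plain-offset writer:", write_after_truncate(False))
    print("copy/truncate race: ", copy_truncate_race())
```

Without O_APPEND the writer keeps its old offset, so the truncated file regrows with a run of NUL bytes in front of the new line; with O_APPEND the new line lands at offset 0. In the race case "query two" appears in neither the archived copy nor the live file.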



