On September 20, 2012 7:01 , "Esmond Pitt" <esmond.p...@bigpond.com> wrote:
Sorry, can't wait till the end of the month to experiment with this.
It occurred to me that I would like to organize my log files by year
and month in directories. Does rotatelogs create intermediate
directories if they don't exist?
Cronolog will do this, see http://cronolog.org/
I like cronolog because:
- You never have to signal httpd to re-open log files. New logs are
created automatically.
- No need for cron jobs unless you want to delete old log files after
some period of time.
- Logs are written directly to their long-term filename; files do not
get renamed.
- cronolog maintains symbolic links to the latest logs so that they can
be accessed without needing to deal with the directory structure or dates.
- cronolog runs as a non-root user separate from the user that httpd
runs as, which helps keep logs secure while minimizing potential
vulnerabilities.
- More flexibility in log naming than rotatelogs.
I recommend downloading "cronolog 1.7 beta with the jumbo patch
applied", which you can get from
http://cronolog.org/patches/index.html This has worked well for me in
production for years now, and it has significantly more features than
cronolog 1.6.2.
cronolog works well with SELinux if you add the following local policy:
policy_module(cronolog, 1.0)
require {
type httpd_log_t;
type httpd_t;
class lnk_file { create unlink };
class dir { remove_name };
}
allow httpd_t httpd_log_t:lnk_file { create unlink };
allow httpd_t httpd_log_t:dir { remove_name };
When I have the time -- hopefully later this year -- I'd like to write a
complete SELinux policy module for cronolog so that it doesn't get all
of the extra access that httpd has, as it does now.
--
Mark Montague
m...@catseye.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
