Krb5 servers writing to old rotated log files
Jaap Winius
jwinius at umrk.nl
Tue May 17 10:40:05 EDT 2011
Hi folks,
On all of the Debian squeeze servers with Kerberos (v1.8.3) that I
manage, I've noticed that the Kerberos daemons start out writing to
their designated log files, e.g. kdc.log, but once those log files are
rotated they ignore the new empty ones and instead prefer to write
only to the first rotated files, e.g. kdc.log.1. This is the case for
both the krb5kdc and kadmin daemons.
If I restart the Kerberos daemons manually, they start writing to the
correct log files. But, the next day, after the log files have been
rotated, the new ones are empty and the daemons are still writing to
the day-old ones.
Has anyone else seen this behavior before?
This is how my /etc/krb5.conf files are configured for logging:
[logging]
kdc = FILE:/var/log/krb5/kdc.log
admin_server = FILE:/var/log/krb5/kadmin.log
default = FILE:/var/log/krb5/klib.log
I use this /etc/logrotate.d/krb5 file for rotating those log files:
/var/log/krb5/kadmin.log /var/log/krb5/kdc.log /var/log/krb5/klib.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
}
In my case, a consequence of using "notifempty" is that the Kerberos
log files are not rotated regularly and grow a bit larger than expected.
Am I missing something, have I made a mistake somewhere, or is this a bug?
Thanks,
Jaap
More information about the Kerberos
mailing list