Krb5 servers writing to old rotated log files
Jason L Tibbitts III
tibbs at math.uh.edu
Tue May 17 11:10:50 EDT 2011
>>>>> "JW" == Jaap Winius <jwinius at umrk.nl> writes:
JW> Hi folks, On all of the Debian squeeze servers with Kerberos
JW> (v1.8.3) that I manage, I've noticed that the Kerberos daemons start
JW> out writing to their designated log files, e.g. kdc.log, but once
JW> those log files are rotated they ignore the new empty ones and
JW> instead prefer to write only to the first rotated files,
JW> e.g. kdc.log.1.
Well, I'm sure they just keep logging to the files they have open. The
fact that you changed the names of those files doesn't have any bearing
on that.

You need to send -HUP to the daemons to get them to close and reopen
their logs. I would expect most Linux distributions to do this for you;
for example, Fedora has snippets in /etc/logrotate.d:

/var/log/kadmind.log {
    missingok
    notifempty
    monthly
    rotate 12
    postrotate
        /bin/kill -HUP `cat /var/run/kadmind.pid 2>/dev/null` 2> /dev/null || true
    endscript
}

/var/log/krb5kdc.log {
    missingok
    notifempty
    monthly
    rotate 12
    postrotate
        /bin/kill -HUP `cat /var/run/krb5kdc.pid 2>/dev/null` 2> /dev/null || true
    endscript
}

- J<
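
Added example (not part of the original message, and not code from the Kerberos project or any distribution): a check for the condition described above, where a daemon keeps its descriptor on the renamed file after rotation. It compares the inode behind each open descriptor with the inode the log path names now; the function names are hypothetical and it assumes Linux /proc and a stat that accepts -c.

```shell
#!/bin/sh
# Added example, Linux only (reads /proc). Run as root or the daemon's user.

# log_is_stale PID LOGFILE
# Succeeds, printing the open path, when PID holds a descriptor whose name
# starts with LOGFILE (kdc.log.1, "kdc.log (deleted)") but whose inode is
# not the one LOGFILE names now. Fails otherwise.
log_is_stale() {
    pid=$1
    logfile=$2
    current=$(stat -c '%d:%i' "$logfile" 2>/dev/null) || current=none
    for fd in /proc/"$pid"/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue
        case $target in
            "$logfile"*) ;;        # the log itself or a rotated copy
            *) continue ;;
        esac
        held=$(stat -L -c '%d:%i' "$fd" 2>/dev/null) || continue
        if [ "$held" != "$current" ]; then
            printf '%s\n' "$target"
            return 0
        fi
    done
    return 1
}

# check_daemon PIDFILE LOGFILE (hypothetical helper)
check_daemon() {
    dpid=$(cat "$1" 2>/dev/null) || { echo "$1: unreadable"; return 2; }
    if stale=$(log_is_stale "$dpid" "$2"); then
        echo "pid $dpid still has $stale open; it needs a HUP"
        return 0
    fi
    echo "pid $dpid holds no rotated copy of $2"
    return 1
}
```

With the paths from the Fedora snippets, the call is `check_daemon /var/run/krb5kdc.pid /var/log/krb5kdc.log`; exit status 0 means the postrotate HUP did not happen or did not take effect.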