Krb5 servers writing to old rotated log files

Jason L Tibbitts III tibbs at math.uh.edu
Tue May 17 11:10:50 EDT 2011


>>>>> "JW" == Jaap Winius <jwinius at umrk.nl> writes:

JW> Hi folks, On all of the Debian squeeze servers with Kerberos
JW> (v1.8.3) that I manage, I've noticed that the Kerberos daemons start
JW> out writing to their designated log files, e.g. kdc.log, but once
JW> those log files are rotated they ignore the new empty ones and
JW> instead prefer to write only to the first rotated files,
JW> e.g. kdc.log.1.

Well, I'm sure they just keep logging to the files they have open.  The
fact that you changed the names of those files doesn't have any bearing
on that.

You need to send -HUP to the daemons to get them to close and reopen
their logs.  I would expect most Linux distributions to do this for you;
for example, Fedora has snippets in /etc/logrotate.d:

/var/log/kadmind.log {
    missingok
    notifempty
    monthly
    rotate 12
    postrotate
        /bin/kill -HUP `cat /var/run/kadmind.pid 2>/dev/null` 2> /dev/null || true
    endscript
}

/var/log/krb5kdc.log {
    missingok
    notifempty
    monthly
    rotate 12
    postrotate
        /bin/kill -HUP `cat /var/run/krb5kdc.pid 2>/dev/null` 2> /dev/null || true
    endscript
}

 - J<
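
A check for the condition discussed in this thread, added here as an example (it is not part of the original message or of any distribution's packaging). It assumes Linux `/proc` and a `stat` that supports `-c`; the function names `file_id` and `log_fd_state` are hypothetical.

```shell
#!/bin/sh
# Added example: report whether a daemon still has the live log file open,
# or is holding a descriptor on a rotated copy because it never got SIGHUP.

# file_id PATH -> "device:inode" of the file PATH resolves to (empty if missing)
file_id() {
    stat -L -c '%d:%i' "$1" 2>/dev/null || true
}

# log_fd_state PID LOGFILE prints one of:
#   current - PID holds a descriptor on the file LOGFILE names right now
#   stale   - PID holds a descriptor on a renamed or deleted copy
#             (LOGFILE.1, LOGFILE-<date>, "LOGFILE (deleted)")
#   none    - PID has no descriptor on LOGFILE or a rotated copy
#   unknown - /proc/PID/fd is not readable (process gone, or no privilege)
log_fd_state() {
    pid=$1
    logfile=$2
    [ -r "/proc/$pid/fd" ] || { echo unknown; return 0; }
    want=$(file_id "$logfile")
    state=none
    for fd in "/proc/$pid/fd"/*; do
        # Each entry is a symlink to whatever the descriptor refers to now.
        target=$(readlink "$fd" 2>/dev/null) || continue
        # Compare by device:inode, so a rename cannot fool the check.
        if [ -n "$want" ] && [ "$(file_id "$fd")" = "$want" ]; then
            echo current
            return 0
        fi
        case $target in
            "$logfile".*|"$logfile"-*|"$logfile (deleted)") state=stale ;;
        esac
    done
    echo "$state"
}

# Usage: sh this-script PIDFILE LOGFILE
# (the pid file and log file named in the matching logrotate stanza)
if [ "$#" -eq 2 ]; then
    log_fd_state "$(cat "$1" 2>/dev/null)" "$2"
fi
```

A result of `stale` right after rotation means the postrotate signal did not reach the daemon, so anything tailing the live log file is missing its entries.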
