[nsd-users] Log file rotation
matthijs at NLnetLabs.nl
Fri Nov 7 13:40:59 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Ok, I failed to spot that moving the current logfile in a rotated file
system was an external process. I now understand how the patch could
facilitate in rotating nsd.log.
However, there are some side effects:
1. When starting NSD, the logfile is opened before dropping the
privileges. This means that NSD might have the wrong permissions to
reopen the file on a reload. Currently if so, this leads to an assertion
2. When using chroot, the logfile is opened before chrooting. So, in the
example where you log to /var/log/nsd.log and chroot to /etc/nsd, the
logfile cannot be found when reopening. Logfile should be relative to
3. The main and child processes has rotated the file, but the xfrd
process does not know about this yet.
- - Matthijs
Shane Kerr wrote:
> When NSD starts and you have a "logfile:" line in your nsd.conf, like
> logfile: /var/my/special/logfile
> This file is opened when NSD starts, and whenever log_msg() is invoked
> then the log message is written to the end from log_file().
> It would be nice if there was a way to tell NSD, "please re-open this
> file". That way one can do:
> * Move current log file to a new name, like "mv nsd.log nsd.log.0"
> * Tell NSD to re-open the log file, like "rndc reload"
> * Compress the old log file, or delete it, or whatever
> This is basic log file rotation.
> We can do this by restarting NSD, but we would prefer not to stop
> service, even for a brief period of time.
> On Fri, 2008-11-07 at 11:08 +0100, Matthijs Mekking wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> Hi Shane,
>> I'm not sure if I understand what you mean by a rotated log file. Could
>> you give me some more pointers of what you are trying to do?
>> Shane Kerr wrote:
>>> As far as I can tell, if you specify a log file for NSD it is never
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the nsd-users