Solved

DNS 9.3 Ubuntu Linux 8.4 trouble rotating log files because of a permissions error.

Posted on 2009-04-20
Last Modified: 2013-12-16
I can't get my named.log files to rotate.  What do I need to do to make the log files rotate?
Line in my syslog file.
unable to rename log file '/var/log/named.log' to '/var/log/named.log.o': permission denied.

ls -al named.log returns -rw-rw-r-- bind  bind  named.log
ls -ald returns drwxr-xr-x root root for /var/log.  Should root be the owner and group here?


Here's a snip of my named.conf.local file.
// Beginning of Logging

logging {

channel audit_log {
      file "/var/log/named.log" versions 7 size 4m;
      severity debug 3;
      print-time yes;

};
channel xfer_in_log {
      file "/var/log/xferin.log" versions 7 size 4m;
      severity debug 3;
      print-time yes;
};

channel xfer_out_log {
      file "/var/log/xferout.log" versions 7 size 4m;
      severity debug 3;
      print-time yes;
};

category security { audit_log; };
category config { audit_log; };
category resolver { audit_log; };
category xfer-in { xfer_in_log; };
category xfer-out { xfer_out_log; };
category notify { audit_log; };
category client { audit_log; };
category network { audit_log; };
category update { audit_log; };
category queries { audit_log; };

};
// End of logging.
Question by:Westez
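
The "permission denied" on rename in the question depends on the mode of the directory that holds the log, not on the mode of named.log itself. The script below is an added example, not part of the original thread: it evaluates an `ls -ld` mode string for a given account. The function names are hypothetical, and it assumes named runs as the `bind` user and that no ACLs or MAC policy apply.

```shell
#!/bin/sh
# Added example (not from the thread). rename(2) needs write and search (x)
# permission on the directory holding the file; the file's own mode is not used.

# perm_class OWNER GROUP USER "USER_GROUPS" -> prints owner, group or other
perm_class() {
    if [ "$3" = "$1" ]; then echo owner; return 0; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo group; return 0; fi
    done
    echo other
}

# can_rename_in MODE OWNER GROUP USER "USER_GROUPS"
# MODE is the ls -ld string, e.g. drwxr-xr-x. Returns 0 if USER may rename there.
# Assumptions: no ACLs or MAC policy; the sticky-bit ownership rule is not modelled.
can_rename_in() {
    mode=$1
    if [ "$4" = root ]; then return 0; fi      # root bypasses the mode bits
    case $(perm_class "$2" "$3" "$4" "$5") in
        owner) bits=$(printf '%s' "$mode" | cut -c2-4) ;;
        group) bits=$(printf '%s' "$mode" | cut -c5-7) ;;
        *)     bits=$(printf '%s' "$mode" | cut -c8-10) ;;
    esac
    case $bits in
        ?w[xst]) return 0 ;;
        *)       return 1 ;;
    esac
}

# check_dir DIR USER: same test against a live system (GNU stat, id).
check_dir() {
    user=$2
    set -- $(stat -c '%A %U %G' "$1")
    can_rename_in "$1" "$2" "$3" "$user" "$(id -Gn "$user")"
}

# Values from the question: /var/log is drwxr-xr-x root root, named runs as bind.
if can_rename_in drwxr-xr-x root root bind "bind"; then
    echo "bind can rename files in /var/log"
else
    echo "bind cannot rename files in /var/log (directory not writable by bind)"
fi
```

On a live host, `check_dir /var/log/bind bind` applies the same test to the directory's real mode and the account's real group list.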
9 Comments
 
LVL 11

Expert Comment

by:kblack05
ID: 24189951
Is your log rotator running as root? Or as nobody? You might need to add a 'sudo' statement to the front of the command line within the cron job.

 

Author Comment

by:Westez
ID: 24198075
How can you tell?  I've looked at the /etc/logrotate.conf file and it's unmodified, I see the two stanzas in there for wtmp.  It must be running because in /var/log I see wtmp being rotated. I ran a ps aux to list the running processes, and I don't recognize the log rotate process in the list.   I'm using the book "A Practical Guide to Ubuntu Linux" by Mark Sobell as a guide.   Page 875 has a statement that when the log file grows beyond 4 mb, it's renamed, and a new log is started.  It makes no mention of the log rotator other than to say see page 684 for another way to maintain log files. I don't think the log rotator plays a part with the named log.  Check me if I'm wrong.  Do I need to add a stanza to logrotated.conf to manage the named logs?
Based on the book, I'm thinking named controls the rotation.
 

Author Comment

by:Westez
ID: 24198583
When I installed Ubuntu, I did the server install and chose to only install dns.  Also I just looked in /etc/logrotate.d to see if the dns install put anything in there and it's bare.  I'm currently reading https://help.ubuntu.com/community/LinuxLogFiles.
LVL 11

Accepted Solution

by:
kblack05 earned 2000 total points
ID: 24198798
Go to /etc and create or edit the file

/etc/logrotate.conf

and add these lines:

/var/log/named/* {
daily
rotate 1
missingok
}

You will need to add an instance for each daemon you wish to run logrotate on, and make sure the /var/log directory in the config matches the directory that you wish to rotate, for example

/var/log/httpd/* {
daily
rotate 1
missingok
}

You can change these to other time frames; to learn more, issue 'man logrotate'.

Then try to run it manually with

sudo logrotate -vf /etc/logrotate.conf

If you still have a problem please post any error output from the manual run, as well as the output of

ls -al /var/log/directory_of_interest
 

Author Comment

by:Westez
ID: 24199541
What about something like this in /etc/logrotate.d?  I created a file in that folder I named bind.  My path and filename for the log file is /var/log/bind/named.log.  Here's the contents of /etc/logrotate.d/bind.

/var/log/bind/named.log {
missingok
daily
create 644 bind bind
rotate 7
dateext
}



 

Author Comment

by:Westez
ID: 24199657
Looks like it's working, I ran the sudo logrotate -vf /etc/logrotate.conf command and here's the contents of /var/log/bind.  I'll check it in the morning and see what it looks like and get back to you.  


 /var/log/bind]# ls -al
total 14716
drwxr-xr-x  2 root root     4096 2009-04-21 16:33 .
drwxr-xr-x 11 root root     4096 2009-04-21 16:33 ..
-rw-r--r--  1 bind bind   140150 2009-04-21 16:38 named.log
-rw-r--r--  1 bind bind 14891325 2009-04-21 16:33 named.log-20090421
 
LVL 11

Expert Comment

by:kblack05
ID: 24200013
Good call on adding the chmod. I was trying to keep it basic to get it working.

Please do update me, and we'll just take it from there.

Have a good one.
 

Author Comment

by:Westez
ID: 24205082
Thanks for your help Expert, it got me through the tough spot.  Here's this morning's output, it's doing just what I want it to do.

-rw-r--r--  1 bind bind  4876036 2009-04-22 08:59 named.log
-rw-r--r--  1 bind bind 14891325 2009-04-21 16:33 named.log-20090421
-rw-r--r--  1 bind bind  3378703 2009-04-22 06:51 named.log-20090422.gz

Here's the stanza I've created.  This is for others who may be struggling with the same problem as I did.
/var/log/bind/named.log {
missingok
daily
create 644 bind bind
rotate 7
dateext
compress
}

 
LVL 11

Expert Comment

by:kblack05
ID: 24210274
You are welcome, and I must compliment you on good form. Adding chmod to the config was a smart thing to do. Enjoy, and come back anytime!

Regards,

K Black

Question has a verified solution.
