Apache 和 logrotate 配置 [英] Apache and logrotate configuration
问题描述
上周我在我的服务器上发现了一个问题,因为磁盘使用率为 100%,我发现 apache 创建了一个 60GB 的巨大 error.log 文件.然后我将 LogLevel 更改为emerg,但一周后,它又是 1.3GB,这绝对是太多了.
Last week I found a problem on my server, because the disk usage was 100%, and I found out apache had created a huge error.log file of 60GB. I changed then the LogLevel to emerg, but after one week, it is again 1.3GB which is definitely too much.
此外,我有 6MB 的 access.log 和 167MB 的 other_vhosts_access.log.所以我发现问题可能是 logrotate 不起作用.实际上,日志的 gzip 压缩文件的日期很早(2 月 23 日).
Moreover, I have an access.log of 6MB and an other_vhosts_access.log of 167MB. So I found out that the problem could be logrotate not working. Actually the gzipped files of the logs have a very old date (23rd February).
所以我首先尝试更改 apache2 的 logrotate 文件的配置,为文件添加最大大小,现在看起来像这样:
So I tried first to change the configuration of the logrotate file for apache2, adding a max size for the file, looking now like this:
/var/log/apache2/*.log {
weekly
size 500M
missingok
rotate 20
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
if /etc/init.d/apache2 status > /dev/null ; then \
/etc/init.d/apache2 reload > /dev/null; \
fi;
endscript
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi; \
endscript
}
在此之后,我尝试手动强制 logrotate 为 apache 运行特定配置
After this I tried manually to force logrotate to run a specific configuration for apache with
logrotate -f /etc/logrotate.d/apache2
我收到了这个错误:
error: skipping "/var/log/apache2/access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/apache2/error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/apache2/other_vhosts_access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
奇怪的是,它以某种方式运行轮换,创建一个空的 error.log 文件,但与旧文件具有不同的权限,并且没有压缩现有的 error.log.
The strange thing is that in some way it run the rotation, creating an empty error.log file, but with different permissions from the old one, and not compressing the existing error.log.
查看 apache 日志目录,现在看起来像这样:
Looking at apache log directory, it looks now like this:
-rwxrwxrwx 1 root adm 6.3M Oct 21 10:54 access.log
-rwxrwxrwx 1 root adm 22K Feb 18 2014 access.log.1
-rwxrwxrwx 1 root adm 7.0K Feb 16 2014 access.log.2.gz
-rwxrwxrwx 1 root adm 4.0K Feb 9 2014 access.log.3.gz
-rw------- 1 amministratore amministratore 0 Oct 21 10:32 error.log
-rw-r--r-- 1 root root 1.3G Oct 21 10:57 error.log.1
-rwxrwxrwx 1 root adm 167M Oct 21 10:57 other_vhosts_access.log
-rwxrwxrwx 1 root adm 225K Feb 23 2014 other_vhosts_access.log.1
-rwxrwxrwx 1 root adm 16K Feb 15 2014 other_vhosts_access.log.2.gz
-rwxrwxrwx 1 root adm 3.2K Feb 8 2014 other_vhosts_access.log.3.gz
那么正确的方法是什么?
So what is the right way to proceed?
我应该更改/var/log/apache2 目录的权限吗?(现在是777)我没有设置这些权限,不知道对不对.
Should I change the permissions of the /var/log/apache2 directory? (which is now 777) I didn't set these permissions and I don't know if it is correct.
或者我应该告诉 logrotate 使用哪个用户进行轮换?以及如何?
Or should I tell logrotate which user to use for rotation? And how?
推荐答案
按照网站的说明,我刚刚更改了 logrotate 配置文件,添加了请求的 su 指令如下,现在它以正确的方式旋转.
Following the instructions from a Website, I have just changed the logrotate configuration file, adding the requested su directive as follows and now it rotates in the right way.
su <user> <group>
这篇关于Apache 和 logrotate 配置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!