You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "Brian J. France" <br...@brianfrance.com> on 2010/11/05 02:26:14 UTC

Log file rotation patch

While at ApacheCon I am working on getting a patch for log file rotation and would like to get some feed back.

With the current patch, see link below, it changes the syntax to ErrorLog to this:

  ErrorLog file-path|syslog[:facility] [rotating[:<interval>]]

examples:

  ErrorLog "logs/error_log" rotating

  ErrorLog "logs/error_log" rotating:30

This enables rotation check to be preformed on the error log and allows changing of the check interval from the default 60 seconds.

The patch is using functionality from apr trunk and adds a new set function for the interval.

I still need to work out the CustomLog and TransferLog, I am thinking like this:

  CustomLog file|pipe format|nickname [env=[!]environment-variable] [rotating[:<interval>]]

There is one security issue that people may have a problem with in that the directory path for the log file has to be writeable by the User that apache drops privilege to.  This is because all the children will need to re-open the log file and the first one will create it.

This is all based on http-trunk and apr-trunk and will need to be split up, just looking for feed back.

If this does get accept, what are the chances of getting it in to 2.4 and the rotation code back ported to apr-1.5?

Brian

http://www.brianfrance.com/software/apache/rotate.diff

Re: Log file rotation patch

Posted by "Brian J. France" <br...@brianfrance.com>.

On Nov 5, 2010, at 12:13 PM, Dirk-Willem van Gulik wrote:

> 
> On 4 Nov 2010, at 21:26, Brian J. France wrote:
> 
>> With the current patch, see link below, it changes the syntax to ErrorLog to this:
>> 
>> ErrorLog file-path|syslog[:facility] [rotating[:<interval>]]
> 
> Nice!
> 
>> There is one security issue that people may have a problem with in that the directory path for the log file has to be writeable by the User that apache drops privilege to.  This is because all the children will need to re-open the log file and the first one will create it.
> 
> That is a pretty big eek. Wondering if we need a logging child - but then one would end up with the rotatelog utility again :)


Not that it changes anything much, but my description was wrong.  The directory path needs to be readable  by User up to the log directory and then the log directory needs to be writable by the User.

Brian

Re: Log file rotation patch

Posted by Dirk-Willem van Gulik <di...@webweaving.org>.

On 4 Nov 2010, at 21:26, Brian J. France wrote:

> With the current patch, see link below, it changes the syntax to ErrorLog to this:
> 
>  ErrorLog file-path|syslog[:facility] [rotating[:<interval>]]

Nice!

> There is one security issue that people may have a problem with in that the directory path for the log file has to be writeable by the User that apache drops privilege to.  This is because all the children will need to re-open the log file and the first one will create it.

That is a pretty big eek. Wondering if we need a logging child - but then one would end up with the rotatelog utility again :)

Dw.