Fix Log Rotation Problems Published: Jul 14, 2004
  • Rating

    5/5

Logrotate still does not properly rotate all log files, even though this has been a known problem for over a year. We take a fresh look at some of the logs that Logrotate misses.

Since the beginning of time, cPanel has had logs that it simply does not rotate properly. Why this has been an ongoing problem that has never been fixed is beyond me, but it CAN be fixed and we'll go through what is needed to accomplish this.

The most important logs that are missed are the Apache system logs that are located in /usr/local/apache/logs. SSH into your server as root.

pico /etc/logrotate.d/httpd
(on some servers this file is called apache)

The first line should read:

/usr/local/apache/logs/*log {

Also you need to change the line that reads:

/bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true

to:

/bin/kill -HUP `cat /usr/local/apache/logs/httpd.pid 2>/dev/null` 2> /dev/null || true
(the above line should all be on ONE LINE!)

The next log file that needs to be dealt with is /var/log/xferlog.  This is your FTP transfer log.

pico /etc/logrotate.d/ftp

This will create a new file.  If you are running ProFTP, paste the following snippet into this file:

/var/log/xferlog {
postrotate /bin/kill -HUP `cat /var/proftpd.pid 2> /dev/null` 2> /dev/null || true
endscript
missingok
}

If you are running PureFTP then paste this into the file:

/var/log/xferlog {
postrotate /bin/kill -HUP `cat /var/run/pure-ftpd.pid 2> /dev/null` 2> /dev/null || true
endscript
missingok
}

The next item we need to deal with is for any sites for which you have installed SSL certificates for.  If you have not installed any SSL certificates, then you can skip this section.  Any domain that you have installed an SSL certificate for gets a log file for tracking SSL traffic and it is located in /var/log.  These are pretty simple to add.

pico /etc/logrotate.conf

Add an entry styled like the one below for each secure domain you have on your server at the end of the file:

/var/log/securedomain.tld {
weekly
rotate 1
}

Take a look in /var/log to make sure that you have the proper filename i that first line.  It will match exactly as you have it set up in WHM.

One other stray log that cPanel ignores is /var/log/chkservd.log.  Add this section to the same file (/etc/logrotate.conf) that you were just editing:

/var/log/chkservd.log {
weekly
rotate 1
}

To add insult to injury, cPanel is not rotating its own logs either.  Place this in the same file we have been editing:

/usr/local/cpanel/logs/stats_log {
weekly
rotate 1
}

/usr/local/cpanel/logs/access_log {
weekly
rotate 1
}

/usr/local/cpanel/logs/error_log {
weekly
rotate 1
}

That is all the logs in my systems that I found that were not getting rotated.  Armed with this information you should be able to rotate nearly any log, but if you do find some more, please drop me a line so I can update the article.

  • Rating

    5/5

Related Articles

Comments (6)

  • Gravatar - Nicholas Tritchew
    Nicholas Tritchew 16:39, August 4, 2004
    For the: Home / Hosting Tutorials / Cpanel Tutorials / Fix Log Rotation Problems <br />
    <br />
    I was curious if this log rotate procedure outlined deletes the previous log files when it rotates.<br />
    <br />
    Or does it compress the previous log, stores it in a archive folder, and then creates a new log?<br />
    <br />
    -Nicholas
  • Gravatar - Vince
    Vince 21:53, August 8, 2004
    Hi,<br />
    <br />
    Prior that you mention this:<br />
    "but if you do find some more, please drop me a line so I can update the article."<br />
    <br />
    We have a file xferlog in our /var/log directory.<br />
    <br />
    /var/log/xferlog<br />
    This is about 8MB now.<br />
    <br />
    Can we apply the log rotate which you have provide in http://www.webhostgear.com/144.html<br />
    <br />
    pico /etc/logrotate.conf<br />
    add the below entry:<br />
    <br />
    /usr/local/cpanel/logs/error_log {<br />
    weekly<br />
    rotate 1<br />
    }<br />
    <br />
    Thanks for your advise.<br />
    Sincerely,<br />
    Vincent Kam<br />
    <br />
    <br />
  • Gravatar - Diana Ward
    Diana Ward 20:48, December 23, 2004
    You are quickly becoming my guru! Thank you!
  • Gravatar - tc
    tc 02:18, February 23, 2006
    i use cpanel and the logs for my websites are located at: /usr/local/apache/domlogs/<br />
    <br />
    They are getting rotated. I'm not sure how but they all go back to January 31 and today is February 22. 2006.<br />
    <br />
    This article is old, maybe its out of date as cPanel has gone through a lot of updates. So I'm posting this comment to let others know things may be different.<br />
  • Gravatar - Flash Alexander
    Flash Alexander 15:01, May 28, 2006
    The first instruction refers to apache 'system' logs. Therefore I read it to not cover the 'domlogs'. <br />
    <br />
    Should I also include a line for the domlogs?
  • Gravatar - Louish
    Louish 17:50, January 19, 2009
    My problem isn't the /usr/local/cpanel/logs/ log files, its the ones in /usr/local/apache/logs/ that are huge.<br />
    <br />
    I've had 3 servers lock up because the error_log has gotten over 2 gigs. Can I simply change your weekly rotate 1 code to point to the apache folder? Or is something else special needed?

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2017 WebHostGear.com