Close Open DNS Servers Published: Mar 16, 2006

Logrotate still does not properly rotate all log files, even though this has been a known problem for over a year. We take a fresh look at some of the logs that Logrotate misses.

Since the beginning of time, cPanel has had logs that it simply does not rotate properly. Why this has been an ongoing problem that has never been fixed is beyond me, but it CAN be fixed and we'll go through what is needed to accomplish this.

The most important logs that are missed are the Apache system logs that are located in /usr/local/apache/logs. SSH into your server as root.

pico /etc/logrotate.d/httpd
(on some servers this file is called apache)

The first line should read:

/usr/local/apache/logs/*log {

Also you need to change the line that reads:

/bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true

to:

/bin/kill -HUP `cat /usr/local/apache/logs/httpd.pid 2>/dev/null` 2> /dev/null || true
(the above line should all be on ONE LINE!)

The next log file that needs to be dealt with is /var/log/xferlog.  This is your FTP transfer log.

pico /etc/logrotate.d/ftp

This will create a new file.  If you are running ProFTP, paste the following snippet into this file:

/var/log/xferlog {
missingok
postrotate
# the command goes on its own line between postrotate and endscript
/bin/kill -HUP `cat /var/proftpd.pid 2> /dev/null` 2> /dev/null || true
endscript
}

If you are running PureFTP then paste this into the file:

/var/log/xferlog {
missingok
postrotate
/bin/kill -HUP `cat /var/run/pure-ftpd.pid 2> /dev/null` 2> /dev/null || true
endscript
}

The next item we need to deal with is any site for which you have installed an SSL certificate.  If you have not installed any SSL certificates, then you can skip this section.  Every domain that you have installed an SSL certificate for gets a log file for tracking SSL traffic, and it is located in /var/log.  These are pretty simple to add.

pico /etc/logrotate.conf

Add an entry styled like the one below for each secure domain you have on your server at the end of the file:

/var/log/securedomain.tld {
weekly
rotate 1
}

Take a look in /var/log to make sure that you have the proper filename in that first line.  It will match exactly what you have set up in WHM.

One other stray log that cPanel ignores is /var/log/chkservd.log.  Add this section to the same file (/etc/logrotate.conf) that you were just editing:

/var/log/chkservd.log {
weekly
rotate 1
}

To add insult to injury, cPanel is not rotating its own logs either.  Place this in the same file we have been editing:

/usr/local/cpanel/logs/stats_log {
weekly
rotate 1
}

/usr/local/cpanel/logs/access_log {
weekly
rotate 1
}

/usr/local/cpanel/logs/error_log {
weekly
rotate 1
}
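The stanzas above only help if every log you care about actually matches one of them, and a glob such as /usr/local/apache/logs/*log is easy to get subtly wrong. The POSIX shell script below is an added check, not code from the original article: it collects every stanza header from the logrotate config files you name and reports which of a list of log files is matched by none of them. The function name uncovered_logs, its "CONFIG... -- LOGFILE..." argument convention and the temporary files it creates are my own; the log paths in the demo are the ones this article covers.

```shell
#!/bin/sh
# Added example (not from the original article): report log files that no
# logrotate stanza covers.  It relies only on the config shape used above:
# a stanza header is one or more paths or globs followed by '{'.

# uncovered_logs CONFIG... -- LOGFILE...
#   CONFIG is a logrotate config file or a directory of them (searched
#   recursively).  Prints every LOGFILE matched by no stanza header and
#   returns 1 if there was at least one, 0 if everything is covered.
uncovered_logs() {
    confs=
    while [ $# -gt 0 ] && [ "$1" != "--" ]; do
        confs="$confs $1"
        shift
    done
    if [ $# -gt 0 ]; then shift; fi      # drop the '--'

    # Header lines end in '{'; strip it and split the remaining
    # whitespace-separated patterns one per line.
    patterns=$(find $confs -type f -exec sed -n 's/[[:space:]]*{[[:space:]]*$//p' {} + \
               | tr ' \t' '\n\n' | grep -v '^$' || true)

    status=0
    set -f                               # keep '*' in patterns from globbing the cwd
    for log in "$@"; do
        matched=0
        for pat in $patterns; do
            # 'case' applies the pattern as a glob to the literal path
            case "$log" in
                $pat) matched=1; break ;;
            esac
        done
        if [ "$matched" -eq 0 ]; then
            echo "$log"
            status=1
        fi
    done
    set +f
    return $status
}

# Demo: the logs this article adds stanzas for, checked against the live
# config on a cPanel box (skipped when those files are not present).
if [ -f /etc/logrotate.conf ] && [ -d /etc/logrotate.d ]; then
    uncovered_logs /etc/logrotate.conf /etc/logrotate.d -- \
        /usr/local/apache/logs/access_log /usr/local/apache/logs/error_log \
        /var/log/xferlog /var/log/chkservd.log \
        /usr/local/cpanel/logs/stats_log /usr/local/cpanel/logs/access_log \
        /usr/local/cpanel/logs/error_log \
        || echo "the logs listed above have no logrotate stanza"
fi
```

Once every log is covered, `logrotate -d /etc/logrotate.conf` dry-runs the whole configuration and reports syntax errors (such as a postrotate block without endscript) without touching any file, which is the cheapest way to confirm the edits before the nightly cron run.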

Those are all the logs on my systems that I found were not getting rotated.  Armed with this information you should be able to rotate nearly any log, but if you do find some more, please drop me a line so I can update the article.


Comments (20)

  • Jen 19:58, March 20, 2006
    If you have multiple servers running off the same DNS, make sure that you put all those server IPs in the trusted area if they are resolving through that DNS:

    acl "trusted" {
    mainIP;secondaryIP;firstserverip;secondserverip;127.0.0.1;
    };

    Otherwise, great tutorial.
  • zac 21:57, March 22, 2006
    actually all you need to do is this:

    options {
    recursion no;
    };
  • Rajesh 09:42, March 23, 2006
    I did as per the instructions but the "Open DNS Servers" still shows fail. Please let me know what else is to be done.
  • Andrew 20:11, March 23, 2006
    The above breaks Bind on a VPS
  • Rajesh 10:10, March 29, 2006
    I did as mentioned above but still the "Open DNS Servers" shows fail in the DNS stuff.
  • dew 11:40, April 12, 2006
    really
  • alan 12:46, April 18, 2006
    this worked as-is for me
  • valtea 20:35, April 19, 2006
    My server has

    root@server [/etc]# cat named.conf
    include "/etc/rndc.key";

    controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
    };

    So where do I add

    acl "trusted" {
    mainIP;secondaryIP;127.0.0.1;
    };

    Will it be on the same line with the keys after "rndckey"; <here>
    or
    "rndckey"; }; <here>
    };
  • Ryan 02:22, May 4, 2006
    Did anyone come up with an answer for valtea or does anyone know? I have been researching until I am blue in the face.
  • Dan 16:54, May 13, 2006
    Got the same problem as valtea!
  • Kyle 19:34, May 15, 2006
    Same problem as above!
  • Steve 17:46, May 18, 2006
    Add it after the controls section.

    EG:
    controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
    };

    Add it here
  • Nick 08:35, June 27, 2006
    Thanks, this tutorial worked great!
  • Spock 21:15, July 9, 2006
    Steve, I tried adding it after controls, but I receive this error:

    Stopping named: [ OK ]
    Starting named: /etc/named.conf:17: missing ';' before '}'
    /etc/named.conf:18: missing ';' before '}'
    /etc/named.conf:19: missing ';' before '}'

    Jul 10 04:12:50.694 starting BIND 9.2.4 -g
    Jul 10 04:12:50.717 using 1 CPU
    Jul 10 04:12:50.722 loading configuration from '/etc/named.conf'
    Jul 10 04:12:50.723 /etc/named.conf:1: open: /etc/rndc.key: permission denied
    Jul 10 04:12:50.723 loading configuration: permission denied
    Jul 10 04:12:50.723 exiting (due to fatal error)
    Error in configuration file /etc/named.conf : [FAILED]

    ===================
    Here are the first lines of my named.conf:

    include "/etc/rndc.key";

    controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
    };

    acl "trusted" {
    ip1;ip2;ip3;ip4;ip5;127.0.0.1;
    };

    //
    // named.conf for Red Hat caching-nameserver
    //

    options {
    directory "/var/named";
    allow-recursion { trusted };
    allow-notify { trusted };
    allow-transfer { trusted };
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
    * If there is a firewall between you and nameservers you want
    * to talk to, you might need to uncomment the query-source
    * directive below. Previous versions of BIND always asked
    * questions using port 53, but BIND 8.1 uses an unprivileged
    * port by default.
    */
    // query-source address * port 53;
    version "surely ye jest?";
    };
    ===================
    Suggestions?
  • Spock 21:27, July 9, 2006
    Solved it! I just missed the ";" after the word trusted inside allow-recursion { trusted; }; etc.
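The mistake in the two comments above is worth catching before restarting BIND, since Spock's log shows a failed restart stops the old named and never starts the new one. The script below is an added example and is not code from the page, from BIND or from any commenter; named-checkconf, which ships with BIND, is the authoritative check, while this one needs only sh and awk. It tokenizes a named.conf, skips comments, and flags every "}" that is not preceded by ";" or "{", which is exactly the { trusted } error. The sample named.conf it writes is constructed for the demo in the shape the thread converges on (an ACL of the server's own addresses, recursion limited to it); the 192.0.2.x addresses are documentation-range placeholders and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original page or from BIND): a small lint for
# the mistake in the thread above, a statement inside a block that does not
# end with ';'.  named-checkconf is the authoritative check where BIND is
# installed; this one needs only sh and awk.

# lint_named_conf FILE
#   Prints "FILE:LINE: missing ';' before '}'" for every offending '}' and
#   returns 1 if any were found, 0 otherwise.
lint_named_conf() {
    awk -v file="$1" -v q="'" '
        BEGIN { prev = "{"; bad = 0; incomment = 0 }
        {
            line = $0; out = ""
            # drop /* ... */ comments, which may span lines
            while (length(line) > 0) {
                if (incomment) {
                    e = index(line, "*/")
                    if (e == 0) { line = ""; break }
                    line = substr(line, e + 2); incomment = 0
                } else {
                    s = index(line, "/*")
                    if (s == 0) { out = out line; break }
                    out = out substr(line, 1, s - 1)
                    line = substr(line, s + 2); incomment = 1
                }
            }
            # drop // and # comments that run to end of line
            sub(/\/\/.*$/, "", out); sub(/#.*$/, "", out)
            # make { } ; stand-alone tokens, then walk them in order
            gsub(/[{};]/, " & ", out)
            n = split(out, tok, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (tok[i] == "") continue
                if (tok[i] == "}" && prev != ";" && prev != "{") {
                    printf "%s:%d: missing %s;%s before %s}%s\n", file, NR, q, q, q, q
                    bad++
                }
                prev = tok[i]
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# write_example_conf FILE
#   Writes a constructed named.conf: the ACL and recursion limits from the
#   thread, correctly terminated.  Addresses are placeholders, not real hosts.
write_example_conf() {
    cat > "$1" <<'EOF'
include "/etc/rndc.key";

controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};

acl "trusted" {
    192.0.2.10; 192.0.2.11; 127.0.0.1;
};

options {
    directory "/var/named";
    allow-recursion { trusted; };
    // on an authoritative-only server, "recursion no;" replaces the line above
    allow-transfer { trusted; };
    version "surely ye jest?";
};
EOF
}

# Demo: lint the constructed file, then the same file with the missing ';'.
demo=$(mktemp -d)
write_example_conf "$demo/named.conf"
lint_named_conf "$demo/named.conf" && echo "named.conf: no missing semicolons"
sed 's/{ trusted; }/{ trusted }/' "$demo/named.conf" > "$demo/broken.conf"
lint_named_conf "$demo/broken.conf" || echo "broken.conf: fix the lines above"
rm -rf "$demo"
```

The lint does not follow include statements and treats a "//" or "#" inside a quoted string as a comment, so it is a pre-flight check for the semicolon error, not a full parser; run named-checkconf before the restart whenever BIND is installed.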
  • Andrew 04:40, July 20, 2006
    How long does it take dnsreport.com to update this info after you make changes?
  • Hussein 05:50, October 15, 2006
    Like Zac above noted.
    All you need to do is add a line in the options section that looks like this:

    recursion no;

    This should close your server.

    If you need to harden and secure Bind even more, you can have a look at this site:

    http://www.cymru.com/Documents/secure-bind-template.html

    You need to be careful, and back up your named.conf file before testing, but this is a complete secured Bind template.

    Cheers
  • Ricardo 05:44, April 4, 2007
    I did all these things, but the problem I have is that then my clients stop receiving emails and they are not able to send either. I have added all the IPs of the server plus 127.0.0.1... any ideas?
  • G 03:59, June 1, 2007
    thanks worked a treat
  • ahmed 07:55, February 25, 2010
    close open dns

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2017 WebHostGear.com