Questions about log rotation tools, and log rotation policies in pfSense



  • I have been maintaining a few things on the mod_security+Apache package, given we have a use for it at work (namely the fine tuning for SSL cilent certificates upon reverse proxying).

    I noticed one huge problem however, it's that Apache logs will pile up and have to be erased on a regular basis, lest the whole thing gets brought down in a world of pain.
    I also set up a Redmine ticket for this specific issue :
    https://redmine.pfsense.org/issues/3485

    FreeBSD's default log rotation tools are not available, so even if I did use Apache's rotatelogs (which the current package does not, I will probably have to modify it to support it), I could only generate separate files and not erase the older ones.
    As it is, I am dealing with the issue by adding a cron job by hand to erase the log and restart Apache. I will eventually fix the init script myself, as it is really broken right now, and is actually making extremely poor use of the existing rc.d script provided by the vanilla package.

    I am therefore wondering :

    • how do other applications go about rotating their logs (for the ones who don't have the functionality built-in) ?
    • how does one make a package register a cron job in a clean, future-proof way?
    • pfSense default logs are stored in a static size file, that would be the best way to go about it, but is there a helper tool to create such files, and pipe input in them? (That way log definitions in Apache could be handled with "|/usr/sbin/whatever /var/log/httpd.log", thus fixing the problem for good)

Log in to reply