Author Topic: Logrotate for access_log and modsec_audit.log  (Read 93 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Logrotate for access_log and modsec_audit.log
« on: July 06, 2019, 01:16:44 PM »
Hi all,

I've encountered an interesting problem. I'm using the latest CWPro on CentOs 7 64bit. My logrotate for apache logs are configured as: 

/usr/local/apache/domlogs/*.log /usr/local/apache/logs/*log{
        daily
        missingok
        rotate 15
        compress
        delaycompress
        notifempty
        sharedscripts
        dateext
        postrotate
                service httpd restart > /dev/null
        endscript
}

I've noticed that everything within the directory /usr/local/apache/domlogs/*.log has been properly rotated, however

The files:

-rw-r--r--. 1 root   root    12072873 Jul  6 06:20 error_log
-rw-r-----  1 root   root   135950722 Jul  6 08:33 modsec_audit.log
-rw-r--r--. 1 root   root    17917588 Jul  6 08:45 access_log

Have not been rotated. I did a test run using logrotate -d -f and it shows it would have rotated AND logrotate status shows:

"/usr/local/apache/logs/modsec_audit.log" 2019-7-6-8:10:21 so in theory this is all correct. I also checked permissions which seem appropriate.

Any ideas on why this is happening only for the logs in /usr/local/apache/logs?

Offline
*****
Re: Logrotate for access_log and modsec_audit.log
« Reply #1 on: July 13, 2019, 04:41:38 PM »
Try to add as the one config and check.

 /usr/local/apache/logs/*log{
        daily
        missingok
        rotate 15
        compress
        delaycompress
        notifempty
        sharedscripts
        dateext
        postrotate
                service httpd restart > /dev/null
        endscript
}