logrotate(8) and copytruncate as default

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Fri Jun 28 17:27:30 UTC 2013


On Thu, Jun 27, 2013 at 11:24:07PM -0700, Adam Williamson wrote:
> On Thu, 2013-06-27 at 18:41 -0400, Colin Walters wrote:
> > On Thu, 2013-06-27 at 23:38 +0200, Lennart Poettering wrote:
> > 
> > > Why would you want this? I mean, we rate-limit per-service anyway, so
> > > the issue of one app flooding everything else should be mostly
> > > non-existent. And hence, what you are asking for is some policy control
> > > about what to delete first, which only really matters if your disk space
> > > is very very limited?
> > 
> > Would you consider it sane to log say Apache traffic to the journal?  If
> > not, then there's still logrotate in the picture, and daemons need to do
> > the whole SIGHUP dance.  You can ignore the rest of this message in that
> > case.
> > 
> > But if you do, then it would seem fairly sane to me on a medium traffic
> > site to want the ability to have different retention
> > policies for the webserver logs versus other system events like sudo
> > activations or a change of the root password.
> 
> I'm not entirely sure how this works, but in some sense, journal
> separates logs *by uid* - if you look in /var/log/journal , there are
> files for root and files for your uid. If you were logging httpd via the
> journal, it may be that it'd wind up in a different journal file for the
> uid httpd was being run as. I haven't checked if you can set rotation
> policies on a per-uid level. (I'm sure Lennart can explain this more,
> er, correctly.)

Splitting is controlled by SplitMode=

  Controls whether to split up journal files per user. One of "login",
  "uid" and "none". If "login" each logged in user will get his own
  journal files, but systemd user IDs will log into the system
  journal. If "uid" any user ID will get his own journal files
  regardless whether it belongs to a system service or refers to a
  real logged in user. If "none" journal files are not split up
  per-user and all messages are stored in the single system journal. [1]

I guess this could be sanely extended to split the logs for some services
out even more.

Zbyszek

[1] http://www.freedesktop.org/software/systemd/man/journald.conf.html#SplitMode=

