Centos – What process creates the access_log.processed file

awstatscentoslogrotatewebalizer

We are having some problems with log rotation on our Centos box.

We've configured the server to perform a logrotation every day and keep the logs for 30 days.
In our log folder, every day a file names access_log.processed is updated and all the logs are pushed into that file.

The real rotated files cannot catch most of the data since most of the data is already transferred to the access_log.process file.

I thought this file must be created by webalizer or awstats. So I've edited the daily cron jobs for webalizer and awstats. Commented out all the action in those cron jobs. We do not use webalizer or awstats at all.

However today, I found that yesterday's data was appended to the access_log.processed file.

What is the process creating/updating this file? How can I disable it.

I guess another approach could be rotating the .processed files. But first I would like to focus on removing an unncessary process.

UPDATE-1
It turns out "psa/admin/sbin/statistics" is updating access_log.processed.
According to this link
http://kb.parallels.com/832
I should be able to find the command in "/etc/cron.daily/50plesk-daily". However, 50plesk-daily contents are as follows:

#!/bin/sh

# install_statistics
/usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php >/dev/null 2>&1

# install_mysqldump
/usr/local/psa/bin/mysqldump.sh >/dev/null 2>&1

# install_autoreport daily
/usr/local/psa/admin/bin/php /usr/local/psa/admin/plib/report/autoreport.php --auto daily >/dev/null 2>&1

I tried to read inside the autoreport.php and script.php using "nano" but they both show the following "is part of Plesk 9 distribution. It cannot be run outside of Plesk 9 environment"
and the rest is garbled.

So I commented out the following line:

/usr/local/psa/bin/sw-engine-pleskrun
/usr/local/psa/admin/plib/DailyMaintainance/script.php >/dev/null 2>&1

My understanding is this will stop Plesk generating daily usage data about the domains on this server. That's okay. We have one domain on this server and we don't use plesk panels ever.

Best Answer

Configure auditd to monitor this file. It will tell you who accessed it.