Openvpn – Logfiles go blank after logrotate rotates them

log-fileslogrotateopenvpn

I have an ubuntu 8.04 LTS server that runs openvpn. The openvpn server writes to a standard logfile under /var/log and prior to a month ago logrotate would automatically rotate the files and compress them.

The files are still being rotated however the new logfile (ovpn.log) is empty. Restarting the openvpn daemon fixes the issue (ie: openvpn writes status events to the file) but after about 10 days the file is rotated again openvpn can't write to the logfile again. This is also strange because logrotate is set to rotate every 6 months.

Openvpn runs as nobody and the logfiles are owned by root and admin which is strange because it should either work at all times or not work at all if the permissions are the cause, unless openvpn runs as root temporarily and then drops down to nobody after initializing ?

Best Answer

OpenVPN is probably still writing to the OLD log file (the file (inode) that it opened for writing back when it started up).

Logrotate needs to notify the OpenVPN daemon that its log file has been turned over so OpenVPN can open the new logfile (This is usually done via a signal, but stopping/restarting the whole daemon has the same effect. Check the OpenVPN man page & your "postrotate" script).

Alternatively you can configure OpenVPN to use syslog, since logrotate should be notifying syslogd when it rolls your log files (or all your logfiles would be blank).

Related Solutions

Linux – Logrotate Successful, original file goes back to original size

This is probably because even though you truncate the file, the process writing to the file will continue writing at whichever offset it were at last. So what's happening is that logrotate truncates the file, size is zero, process writes to the file again, continuing at the offset it left off, and you now have a file with NULL-bytes up to the point where you truncated it plus the new entries written to the log.

od -c after truncate + sudden growth, generated output along the lines of:

0000000  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0
*
33255657600  \0   C   K   B   -   s   e   r   v   e   r       [   h   t   t
33255657620 <more log output>

What this says is from offset 0 to 33255657600 your file consists of null bytes, and then some legible data. Getting to this state doesn't take the same amount of time it would take to actually write all those null-bytes. The ext{2,3,4} filesystems support something called sparse files, so if you seek past a region of a file that doesn't contain anything, that region will be assumed to contain null-bytes and won't take up space on disk. Those null bytes won't actually be written, just assumed to be there, hence the time it takes to go to 0 to 3.5GB don't take a lot of time to. (You can test the amount of time it takes by doing something like dd if=${HOME}/.bashrc of=largefile.bin seek=3432343264 bs=1, this should generate a file of over 3GB in a few milliseconds).

If you run ls -ls on your logfiles after they've been truncated and had a sudden growth again, it should now report a number at the beginning of the line which represents the actual size (in blocks occupied on disk), which probably is orders of magnitude smaller than the size reported by just ls -l.

Debugging logrotate postrotate script

logrotate usually runs as a cron job, and its errors end up being mailed to root. Have a look at /var/mail/root, or alternatively make sure that /etc/aliases directs root's mail somewhere sensible, and that your instance can in fact send mail.

Best Answer

Related Solutions

Linux – Logrotate Successful, original file goes back to original size

Debugging logrotate postrotate script

Related Topic