Automatic Cleanup of Log Files by Rotatelogs in Secure Gateway 3.0

RoyATokeshi
May 22, 2006 8:59 am

Citrix states in their article: CTX107583

Document ID: CTX107583, Created on: Sep 14, 2005, Updated: Sep 14, 2005

Products: Secure Gateway 3.0

Automatic Cleanup of Log Files by Rotatelogs in Secure Gateway 3.0

Secure Gateway 3.0 uses the Apache rotatelogs program to manage the logging of error and access records. See the Apache documentation of the rotatelogs program at:

http://httpd.apache.org/docs-2.0/programs/rotatelogs.html

The Apache rotatelogs program supports automatically starting a new log file whenever the current log file reaches a certain size or has had records written to it for a certain period of time. However, the rotatelogs program, as implemented in Apache, does not support automatic cleanup of old log files – the administrator has to delete old log files to prevent the disk from filling up. Secure Gateway 3.0 adds the automatic cleanup of old log files by extending the rotatelogs invocation syntax. Secure Gateway 3.0 adds an optional parameter, which specifies the number of days for retention of the log files, to the end of the parameter list passed to rotatelogs.

This optional parameter has the form NumberOfDaysOfFileRetentionD. The Apache rotatelogs syntax:

rotatelogs logfile [ rotationtime [ offset ]] | [ filesizeM ]
becomes:
rotatelogs logfile [ rotationtime [ offset ] [ retentiondaysD ]] | [ filesizeM [ retentiondaysD ]]

When you configure Secure Gateway 3.0, the configuration wizard creates the hidden httpd.conf file in the conf folder of the Secure Gateway 3.0 install directory. The Secure Gateway 3.0 configuration wizard does not offer you the option of changing the retention period for log files – if you want to change the default retention period (30 days) you have to edit the httpd.conf file.

To change the retention period for the log files change the number in front of the letter D and save the httpd.conf file. You can use any positive number less than 36500. Note that Secure Gateway 3.0 writes out multiple log files – each rotatelogs directive in the httpd.conf file can specify a different retention period. For example, you can retain error logs for 100 days, while retaining access logs for 30 days.

For the error log, the configuration wizard writes the following rotatelogs parameters to the httpd.conf file:

logs/Error_%Y_%m_%d.log 3600 -240 30D
These parameters specify that rotatelogs, when writing the log file for error records will:

• Place the file in the logs folder, and give it a file name starting with Error_ – the rest of the file name contains a date stamp (more on this soon)

• Check whether to create a new log file every hour (3600 seconds)

• Use a 4-hour offset from the GMT (-240 minutes)

• Retain log files for 30 days (30D)

Whenever the rotatelogs program checks whether to start a new log file (once an hour in the case above) it also checks every log file in the log file directory, created by that rotatelogs process, and deletes those whose latest access, create and modify timestamps are older than the retention period. If the retention days parameter is not specified in the parameters to rotatelogs, or contains an invalid value (for example, a negative number or not a number), rotatelogs does not delete any files.

Rotatelogs deletes log files that match the pattern for the name of the log file. That is, the rotatelogs process for error logging will not delete any access log files, or vice versa. The % symbols in the log file name direct the rotatelogs program to treat them as strftime substitution characters. In the case of error log files, the file name Error_%Y_%m_%d.log causes rotatelogs to create a file with the 4-digit year, 2-digit month and 2-digit day of the month in the file name, separated by ‘_’ character, for example, Error_2005_08_01.log for the file created on August 1, 2005.

This file name pattern, in combination with the 3600 parameter as the rotationtime causes rotatelogs to reopen the same error log file once an hour (every 3600 seconds), because the new file name (Error_yyyy_mm_dd.log) matches the current file name, until rotatelogs executes the hourly processing the first time after midnight. At this point rotatelogs will open a new file, instead of reopening an existing one. The UTC offset ensures that rotatelogs treats the timestamp as the local time, instead of GMT time.

For the list of all ‘%’ symbols that you can use in the file name, and their meanings, see:

http://httpd.apache.org/docs-2.0/programs/rotatelogs.html

Important: For administrators that run Secure Gateway 3.0 with English-US locale: do not use the %c (date and time), %X (time), or %x (date) symbols in the log file name – these result in an invalid log file name for English-US Windows systems. The reasons for invalid file names:

• “time” uses ‘:’ to separate parts of the time stamp, and ‘:’ is an invalid character for a file name.

• “date” uses ‘/’ separators, which make the file look as if it is nested into a sub-directory that does not exist. Rotatelogs will not create the file in a directory which does not exist.



Primary links

Custom Search

User login

Who's new

  • maczugaher
  • locksgydff
  • isotheces
  • ahundredyears7
  • Jacomijntjefu

Who's online

There are currently 0 users and 4 guests online.

KrissysCorner.com RuthSwensonLaw.com CreativeLizardProductions.com

DISCLAIMER:

None of this has anything to do with us, someone else is responsible for the entire thing, and we have no idea who or why. We do not know anything about it. It may be alien life forms for all we know: we haven't a clue. You cannot blame us for anything that may result from your visit. That was entirely your own personal choice, made by you of your own volition, and without our knowledge. We do not, after all, have any control over you and cannot by any stretch of the imagination be expected to accept or acknowledge, be it legally or morally, any accountability for decisions made by you on an independent basis, utilizing your own free will, and without our intervention. We are therefore in no way, shape, or form answerable to anyone for any consequences arising from the aforementioned or indeed any other actions, similar or otherwise, because it was not us that did, or did not do anything. It is not even remotely our fault, and we are in no way prepared or willing to accept any liability, not even slightly, ever. We are, in fact completely and utterly blameless, in that it is definitely not our concern, and no blame can possibly be laid at our doorstep, even if we had one, the possession of which we hereby reserve as being entirely our own free choice. The onus is not on us at all, and furthermore, never has been. The entire matter is wholly beyond our control, and completely out of our hands, each of which are washed scrupulously clean of the whole business. We are not accountable for anything at all, and we hereby categorically deny all responsibility for all that has ever, or will ever happen. Our innocence is therefore wholly beyond doubt and absolutely unimpeachable, and so cannot, under even the remotest or unlikeliest circumstances, be brought into question. By clicking either on a link on this site, clicking on a link that leads to this site, or by arriving at this site by natural or supernatural means, you are in effect accepting responsibility for the fact that it is all entirely your own fault, down to the most miniscule detail, and that you are wholly accountable for whatever outcome may arise as a consequence of the aforementioned action or actions insofar as they were undertaken personally by you on an entirely voluntary basis and without any persuasion, coercion or influence from any party or parties other than yourself. Don't come sniveling to us, we are only figments of your imagination. I also agree that if I am ever with a contributor to this website during mealtimes I agree to pay for any super-sizing of their meal, or at least a nice dessert or one of those foo-foo drinks with an umbrella or a monkey. By admitting to have seen the worthless spineless drivel on this website (also known as content)

I Agree Wholeheartedly and Without Reservation to the above. (Except maybe for that part about the monkey.)

All Your Base Are Belong To Us.

Soylent Green Is People!

Never make a bet with a Sicilian when Death is on the Line!

No. Really, I do agree.