Date:      Wed, 28 Feb 2007 11:13:08 -0500
From:      "David Robillard" <david.robillard@gmail.com>
To:        "FreeBSD Questions" <freebsd-questions@freebsd.org>
Cc:        peter@placidpublishing.net
Subject:   Re: Apache Rotate Logs and Log Rotate.
Message-ID:  <226ae0c60702280813q288f646bt8fb8fca886716ee4@mail.gmail.com>
In-Reply-To: <45E53C8F.8090100@placidpublishing.net>
References:  <226ae0c60702151024u6c71d50bn72d54631c33ed32@mail.gmail.com> <45D4D40F.2060703@placidpublishing.net> <226ae0c60702151407t56632fafoa3eabe714b567d1b@mail.gmail.com> <45D4DF88.1020009@placidpublishing.net> <226ae0c60702151454x4b32e698hb89b51005b6938e@mail.gmail.com> <45D5FD5B.6030605@placidpublishing.net> <226ae0c60702161146i6ce6b54ayab9e279c9cf28d1@mail.gmail.com> <45E53C8F.8090100@placidpublishing.net>

On 2/28/07, Peter Pluta <peter@placidpublishing.net> wrote:
> Hey David, quick question. I found this while doing a bit of reading. Is
> it safe for Syslogd to send a kill -HUP to apache? This site is
> extremely high traffic and I wouldn't want it cutting off users during
> the HUP to rotate the logs. I'm running Apache 2.2.4 and FreeBSD 6.2
>
> http://www.freebsddiary.org/startstop.php
>
> It looks like Apachectl graceful is the only safe way to restart apache.

Hi Peter,

The article you're referring to is for Apache 1.3.x and you seem to be
running 2.2.x.

Should you want, you can get more detailed information on how Apache
1.3.x handles kill signals here:
http://httpd.apache.org/docs/1.3/stopping.html

It's basically the same for Apache 2.2.x which is covered here:
http://httpd.apache.org/docs/2.2/stopping.html

Having said that, if your site is really busy, then consider changing
the kill signal in newsyslog.conf from -HUP to -USR1 which will
gracefully ask running httpd processes to restart once they have
finished talking to their user. As the article says:

''The USR1 signal causes the parent process to advise the children to
exit after their current request (or to exit immediately if they're
not serving anything). The parent re-reads its configuration files and
re-opens its log files. As each child dies off the parent replaces it
with a child from the new generation of the configuration, which
begins serving new requests immediately.''

Check the man page for newsyslog.conf(5) at
http://www.freebsd.org/cgi/man.cgi?query=newsyslog.conf&apropos=0&sektion=0&manpath=FreeBSD+6.2-RELEASE&format=html

The last field in newsyslog.conf is where you set up which signal is
used. Here's what the man page says:

signal_number
	     This optional field specifies the signal number that will be sent
	     to the daemon process (or to all processes in a process group, if
	     the U flag was specified).  If this field is not present, then a
	     SIGHUP signal will be sent.

Cheers,

David

> David Robillard wrote:
> > Hi Peter,
> >
> >> Someone told me that I need to gracefully restart apache for it to make
> >> a new log; and then wait till Apache's memory buffer is emptied to disk
> >> before gzipping or bzipping the files.
> >
> > Well, I've never had to do this. Newsyslog sends a `kill -HUP` to
> > apache's master PID. Which causes Apache to reopen its log files. For
> > me anyway, the newsyslog configuration I gave you never caused me any
> > problem at all. Keep in mind that you do have to send Apache a -HUP
> > signal, otherwise you'll lose logs when newsyslog rotates them.
> >
> >> Also, is it wise to have logs for each user in their home directory?
> >> Someone told me this is a serious security issue; but I can't see why
> >> it would be.
> >
> > It is a security issue if the user has the rights to log in to your
> > machine. If he doesn't, then you shouldn't be worried.
> >
> > But I just don't take that chance and make all of my Apache log files
> > under /usr/local/www/virtalhost1/logs which is not accessible from
> > Apache itself because I set up my DocumentRoot under
> > /usr/local/www/virtalhost1/public_html. This way, I know for sure that
> > everything for virtualhost1 is under a single directory, but that my
> > logs can't be seen by anyone via Apache.
> >
> > David
-- 
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
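
An added example, not part of the original message: a small check that reads newsyslog.conf entries and reports which logs tied to Apache's pid file would still get the default SIGHUP instead of the graceful signal. The log paths, the pid file /var/run/httpd.pid and the function names are assumptions; 30 is SIGUSR1 on FreeBSD.

```shell
#!/bin/sh
# Constructed newsyslog.conf sample (paths and pid file are assumptions).
SAMPLE_CONF='# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
/var/log/httpd-access.log    www:www 644 7 * @T00 J /var/run/httpd.pid 30
/var/log/httpd-error.log     644 7 * @T00 J /var/run/httpd.pid
/var/log/messages            644 5 100 * J'

# Print "logfile pidfile signal" for every entry read from stdin.
# An entry without a signal field gets 1 (SIGHUP), the documented default.
newsyslog_signals() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }         # skip comments and blank lines
    {
        first = ($2 ~ /:/) ? 7 : 6            # first optional field after "when"
        pid = "-"; sig = 1
        for (i = first; i <= NF; i++) {
            if ($i ~ /^\//)           pid = $i   # pid file must start with "/"
            else if ($i ~ /^[0-9]+$/) sig = $i   # numeric field is the signal
        }
        print $1, pid, sig
    }'
}

# List logs whose pid file is $1 but whose signal is not 30 (SIGUSR1 on
# FreeBSD, Apache's graceful restart). Exit status is 1 if any are found.
not_graceful() {
    newsyslog_signals | awk -v pid="$1" '
        $2 == pid && $3 != 30 { print $1; bad = 1 }
        END { exit bad + 0 }'
}

printf '%s\n' "$SAMPLE_CONF" | newsyslog_signals
printf '%s\n' "$SAMPLE_CONF" | not_graceful /var/run/httpd.pid ||
    echo "the entries listed above still use a non-graceful signal"
```

On a real host the input would be /etc/newsyslog.conf and the pid file whatever PidFile is set to in httpd.conf.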
