[BlueOnyx:03101] Re: LogRotate error?
Darrell D. Mobley
dmobley at uhostme.com
Sun Dec 13 17:56:05 -05 2009
> -----Original Message-----
> From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it]
> On Behalf Of Dr. Blunt
> Sent: Saturday, December 12, 2009 4:22 PM
> To: BlueOnyx General Mailing List
> Subject: [BlueOnyx:03099] Re: LogRotate error?
>
> Seems an older thread may have an answer?
> http://www.nuonce.net/support/viewthread.php?fid=15&tid=2213&action=printa
> ble
Actually, it doesn't. I looked around Brian's support site and he told quite
a few people that it was long URLs in the httpd access log. He encouraged
users to search his support site for posts. I found a few.
I then expanded my search to Google on the terms "analog /usr/bin/analog:
Warning L: Large number of corrupt lines in logfile stdin". Many of the
links were to the NuOnce site. A number were recommending that the
LOGFORMAT wasn't correct, like the error message said, but I found one at
http://www.kaffeesud.org/index.php?id=28 that was different and it
referenced CentOS.
The article talked scientific notation in the /var/log/ipacct log file
produced by /etc/cron.hourly/ip_traffic. I wondered if this could be what
was wrong with the BX systems, so I enabled "DEBUG +C" in /etc/analog.cfg,
right above the WARNINGS line.
I looked on BX to see what used the /var/log/ipacct file, and it used by
/etc/logrotate.d/sitestats.
I edited /etc/logrotate.conf, and changed the line "include
/etc/logrotate.d" to "include /etc/logrotate.d/sitestats" and manually ran "
/usr/sbin/logrotate -f /etc/logrotate.conf".
This was the output:
C: Other - - [05/Dec/2009:12:01:01 -0500] "GET /input HTTP/1.1" 200 -7261 ""
""
C: *
C: Other - - [05/Dec/2009:13:01:02 -0500] "GET /input HTTP/1.1" 200 -11160
"" ""
C: *
C: Other - - [05/Dec/2009:14:01:01 -0500] "GET /input HTTP/1.1" 200 -1320 ""
""
C: *
C: Other - - [05/Dec/2009:15:01:02 -0500] "GET /input HTTP/1.1" 200
8.59873e+09 "" ""
C: *
C: Other - - [05/Dec/2009:15:01:02 -0500] "GET /output HTTP/1.1" 200
8.59876e+09 "" ""
C: *
This verified that the output of /var/log/ipacct was getting called into
logrotate on BX via /etc/logrotate.d/sitestats and producing my error. The
lines above corresponded with the lines from my /var/log/ipacct:
Other - - [05/Dec/2009:12:01:01 -0500] "GET /input HTTP/1.1" 200 -7261 "" ""
Other - - [05/Dec/2009:13:01:02 -0500] "GET /input HTTP/1.1" 200 -11160 ""
""
Other - - [05/Dec/2009:14:01:01 -0500] "GET /input HTTP/1.1" 200 -1320 "" ""
Other - - [05/Dec/2009:15:01:02 -0500] "GET /input HTTP/1.1" 200 8.59873e+09
"" ""
Other - - [05/Dec/2009:15:01:02 -0500] "GET /output HTTP/1.1" 200
8.59876e+09 "" ""
Scientific notation and negative integers.
Well, BX does have a file /etc.cronhourly/ip_traffic, the file on BX is
apparently named log_traffic. I looked in it and it had code at the lines
referenced in the website article at kaffeesud.org, so I gave it a whirl.
Result: logrotate ran and no error messages.
You can "fix" it on your BX by editing /etc/cron.hourly/log_traffic:
line 211: printf("Other - - %s \"GET /input HTTP/1.1\" 200 %s \"\" \"\"\n",
date, traffic["otherin"])
line 212: printf("Other - - %s \"GET /output HTTP/1.1\" 200 %s \"\" \"\"\n",
date, traffic["otherout"])
line 213: printf("Other - - %s \"GET /forward HTTP/1.1\" 200 %s \"\"
\"\"\n", date, traffic["otherforward"])
The second "%s" is the string format for the traffic[...] variable.
According to the website article, a "%d" is needed here.
line 211: printf("Other - - %s \"GET /input HTTP/1.1\" 200 %d \"\" \"\"\n",
date, traffic["otherin"])
line 212: printf("Other - - %s \"GET /output HTTP/1.1\" 200 %d \"\" \"\"\n",
date, traffic["otherout"])
line 213: printf("Other - - %s \"GET /forward HTTP/1.1\" 200 %d \"\"
\"\"\n", date, traffic["otherforward"])
Maybe this can get added to the base files as it should at least eliminate
some of the posts.
More information about the Blueonyx
mailing list