Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-3036

Audit log rotation with logrotate does not work

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: OpenIDM 3.1.0
    • Fix Version/s: OpenIDM 4.0.0
    • Component/s: Module - Audit
    • Labels:

      Description

      We currently provide bin/create-openidm-logrotate.sh to create a logrotate config for rotating audit logs. The issue with this is that the CSVAuditLogger does not know when a new log file has been created and continues writing to the old (now invalid) inode.

      A possibly solution to this type of issue with logrotate is to use copytruncate. The issue with this is that between the file being copied and the old file being truncated there is a small window in which a new audit entry could be inserted that we have missed.

      We need to either handle this rotation internally (similar to log4j) or implement some event that could be triggered in a postrotate that would cause idm to switch to the new audit file.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jason Jason Lemay
              Reporter:
              jim.mitchener Jim Mitchener
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: