Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RS: Update log rotation #2738

Merged
merged 3 commits into from
Aug 9, 2023
Merged

RS: Update log rotation #2738

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
14d3153
DOC-2593 Updated log rotation
rrelledge Aug 7, 2023
706228c
Small copy edit
rrelledge Aug 7, 2023
84f979c
Feedback updates & corrections
rrelledge Aug 8, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 46 additions & 24 deletions content/rs/clusters/logging/log-security.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,48 +16,70 @@ aliases: [
---
Redis Enterprise comes with [a set of logs]({{< relref "/rs/clusters/logging/_index.md" >}}) on the server and available through the user interface to assist users in investigating actions taken on the server and to troubleshoot issues.

## Sending logs to a remote logging server
## Send logs to a remote logging server

Redis Enterprise sends logs to syslog by default. You can send these logs to a remote logging server by configuring syslog.

To do this, modify the syslog or rsyslog configuration on your operating system to send logs in `/var/opt/redislabs/log` to a remote monitoring server of your choice.
To do this, modify the syslog or rsyslog configuration on your operating system to send logs in the `$logdir` directory (`/var/opt/redislabs/log` in default installations) to a remote monitoring server of your choice.

## Log rotation

Redis Enterprise uses the default logrotate daemon to schedule rotation of logs stored on the operating system. The configuration of log rotation may be found at /etc/logrotate.d.
Redis Enterprise Software's job scheduler runs `logrotate` every five minutes to examine logs stored on the operating system and rotate them based on the log rotation configuration. You can find the log rotation configuration file at `$pkgconfdir/logrotate.conf` as of Redis Enterprise Software version 7.2 (`pkgconfdir` is `/opt/redislabs/config` by default, but can be changed in a custom installation).

By default the log rotation should occur on a daily basis. We recommend that you send log files to a remote logging server so that they can be more effectively maintained.
By default, log rotation occurs when a log exceeds 200 MB. We recommend sending log files to a remote logging server so you can maintain them more effectively.

The below log rotation policy is enabled by default with Redis Enterprise but can be modified to meet your needs.
The following log rotation policy is enabled by default in Redis Enterprise Software, but you can modify it as needed.

```sh
/var/opt/redislabs/log/*.log
{
daily
missingok
copytruncate
rotate 7
compress
notifempty
/var/opt/redislabs/log/*.log {
su ${osuser} ${osgroup}
size 200M
missingok
copytruncate
# 2000 is logrotate's way of saying 'infinite'
rotate 2000
maxage 7
compress
notifempty
nodateext
nosharedscripts
prerotate
# copy cluster_wd log to another file that will have longer retention
if [ "\$1" = "/var/opt/redislabs/log/cluster_wd.log" ]; then
cp -p /var/opt/redislabs/log/cluster_wd.log /var/opt/redislabs/log/cluster_wd.log.long_retention
fi
endscript
}
/var/opt/redislabs/log/cluster_wd.log.long_retention {
su ${osuser} ${osgroup}
daily
missingok
copytruncate
rotate 30
compress
notifempty
nodateext
}
```

Below describes what the log rotation this configuration policy puts into effect.
- `/var/opt/redislabs/log/*.log` - `logrotate` checks the files under the `$logdir` directory (`/var/opt/redislabs/log/`) and rotates any files that end with the extension `.log`.

- `/var/opt/redislabs/log/cluster_wd.log.long_retention` - The contents of `cluster_wd.log` is copied to `cluster_wd.log.long_retention` before rotation, and this copy is kept for longer than normal (30 days).

- `/var/opt/redislabs/log/*.log` - When logrotate runs it checks the files under directory `/var/opt/redislabs/log/` and rotates any files that end with the extension .log.
- `size 200M` - Rotate log files that exceed 200 MB.

- Daily - The interval is set to daily.
- `missingok` - If there are missing log files, do nothing.

- Missingok - If there are missing logfiles don't do anything.
- `copytruncate` - Truncate the original log file to zero sizes after creating a copy.

- Copytruncate - Truncate the original log file to zero sizes after creating a copy.
- `rotate 2000` - Keep up to 2000 (effectively infinite) log files.

- rotate 7 - Keep 7 log files and delete the rest.
- `compress` - gzip log files.

- compress - gzip log files.
- `maxage 7` - Keep the rotated log files for 7 days.

- notifempty - Don't rotate the log file if it is empty
- `notifempty` - Don't rotate the log file if it is empty.

{{< note >}}
For large scale deployments, it may be nessesary to rotate logs at quicker intervals, such as hourly. This can be done through a cronjob or external vendor solutions.
{{< /note >}}
{{<note>}}
For large scale deployments, you might need to rotate logs at faster intervals than daily. You can also use a cronjob or external vendor solutions.
{{</note>}}