C.3. IdM Domain Services and Log Rotation
Several IdM domain services use the system
logrotate service to handle log rotation and compression:
named(DNS)httpd(Apache)tomcatsssdkrb5kdc(the Kerberos domain controller)
The
logrotate configuration files are stored in the /etc/logrotate.d/ directory.
Example C.1. Default httpd Log Rotation File at /etc/logrotate.d/httpd
/var/log/httpd/*log {
missingok
notifempty
sharedscripts
delaycompress
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
}Warning
The
logrotate policy files for most of the services create a new log file with the same name, default owner, and default permissions as the previous log. However, with the files for named and tomcat, a special create rule sets this behavior with explicit permissions as well as user and group ownership.
Do not change the permissions or the user and group which own the
named and tomcat log files. This is required for both IdM operations and SELinux settings. Changing the ownership of the log rotation policy or of the files can cause the IdM domains services to fail.
Additional Resources
- The 389 Directory Server instances used by IdM as a back end and by the Dogtag Certificate System have their own internal log rotation policies. See the Configuring Subsystem Logs in the Red Hat Directory Server 10 Administration Guide.
- For details about other potential log rotation settings, such as compression settings or the size of the log files, see the Log Rotation in the System Administrator's Guide or the logrotate(8) man page.
