Task #690
closed
Automatic tomcat log rotation
100%
Description
I'd really nice to ship basic pre-configured file logging with CzechIdM.
A logback rolling FILE appender should be sufficient.
Related issues
Updated by Jan Helbich over 6 years ago
Something like this should do the trick:
<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>idm.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>idm.log.%d{yyyy-MM-dd}</fileNamePattern>
<maxHistory>30</maxHistory>
</rollingPolicy>
<encoder>
<pattern>${FILE_LOG_PATTERN}</pattern>
</encoder>
</appender>
<root level="INFO">
<appender-ref ref="FILE" />
</root>
Updated by Petr Fišer over 5 years ago
Worked around this but so far for Linux only.
Log rotation happens using logrotate with copytruncate option specified. Default tomcat logger always appends the logfile, so sparse files do not happen.
Documented to wiki: https://wiki.czechidm.com/tutorial/adm/server_preparation#rotating_tomcat_logs .
Updated by Radek Tomiška about 5 years ago
We are using logback for logging:
https://github.com/spring-projects/spring-boot/blob/master/spring-boot-project/spring-boot/src/main/resources/org/springframework/boot/logging/logback/base.xml
log rotation is configured by 10MB by default:
https://github.com/spring-projects/spring-boot/blob/master/spring-boot-project/spring-boot/src/main/resources/org/springframework/boot/logging/logback/file-appender.xml
This is included in IdM by 'logback-spring.xml' configuration file.
Turning off the default logback configuration with the redundant logs written into CONSOLE (~tomcat) => (copy + update base.xml), can do the trick. Then native tomcat log files will contains only tomcat errors then and will be small enough i hope so (custom linux script for this logs will not be needed).
Updated by Petr Fišer about 5 years ago
- Assignee changed from Radek Tomiška to Luděk Urban
- Check what Radek wrote and compare with existing installation manuals (both for Linux and Windows). If necessary/better, test IdM setup and update manuals. Log rotation should be on daily basis with date suffix (something similar as we do with logrotate).
- Change the configuration if necessary.
- If this is still not viable for deployments, consult with me.
So far, we have log rotation only on Linux. The goal is to have log rotation on Linux and also on Windows. If this is done through logback (and the setup on Lin and Win is therefore the same), that would be awesome.
Updated by Luděk Urban about 5 years ago
Configuration for rotating logs is not installation tutorial nor in 'logback-spring.xml' configuration file.
Installation tutorial must be updated.
I tried setup local test environment with CentOS and IdM 9.4.0 but tomcat can't start because he can't connect to postgreslq even though I can manually connect to postrgresql and there isn't any restriction on network.
Updated by Luděk Urban almost 5 years ago
For a testing purpose a used windows machine "BAKALARI".
I updated IdM to v 9.6.0 .
Then I tried set-up logging to file( no rotation) through logback-spring.xml .
Tomcat created logfile but not in tomcat/logs directory.
Next step is force Tomcat to logging to tomcat/logs and set-up file rotation.
Updated by Radek Tomiška almost 5 years ago
Look out, log-back setting schould be configured to prevent usage tomcat logs. Tomcat logs will be on the same place.
Updated by Luděk Urban almost 5 years ago
I changed configuration in "logback-spring.xml".
I changed "include" because otherwise there will be duplicates in idm.log and tomcat8-stout.log .
I added new appender to write all INFO+ log to file /logs/idm.log
Not final version of "logback-spring.xml".
<include resource="org/springframework/boot/logging/logback/file-appender.xml"/>
<include resource="org/springframework/boot/logging/logback/defaults.xml"/>
<appender name="POKUS" class="ch.qos.logback.core.FileAppender">
<encoder>
<pattern>
%d{dd-MM-yyyy HH:mm:ss.SSS} [%thread] %-5level %logger{36}.%M - %msg%n
</pattern>
</encoder>
<file>logs/idm.log</file>
</appender>
<root level="INFO">
<appender-ref ref="POKUS"/>
</root>
TODO
- Change connector logs to log to idm.log.
- Rotate idm.log.
Updated by Luděk Urban almost 5 years ago
- Status changed from New to In Progress
I changed logback-spring so now idm.log will be rotated.
Not final version of "logback-spring.xml".
<appender name="POKUS" class="ch.qos.logback.core.rolling.RollingFileAppender">
<encoder>
<pattern>
%d{dd-MM-yyyy HH:mm:ss.SSS} [%thread] %-5level %logger{36}.%M - %msg%n
</pattern>
</encoder>
<file>logs/idm.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>idm.%d{dd-MM-yyyy}.log</fileNamePattern>
<maxHistory>10</maxHistory>
</rollingPolicy>
</appender>
<root level="INFO">
<appender-ref ref="POKUS"/>
</root>
As next step I tried rotating tomact8_stdout.{YYYY-MM-DD}.log and tomact8_stderr.{YYYY-MM-DD}.log because there are logs from connectors.
I tried use "logging_properties.xml" in tomcat but that didn't works because tomcat still writes to these files.
Next I tried redirect tomcat stdout and stderr to idm.log. Tomorrow I will check that but from tests I made it looks like there will same problem as when I tried logging properties.
Updated by Radek Tomiška almost 5 years ago
Configure connectors to using logback:
<logger name="org.identityconnectors" level="WARN"/>
<logger name="net.tirasa.connid" level="WARN"/>
More here: #1141
Why do you need configure tomcat logs?
Updated by Luděk Urban almost 5 years ago
After consultation with Petr Fiser I figured out that changing logback will not help because tomcat, after all redirecting all logs to idm.log through logback, still generates stdout a stderr files. Soo I returned to the idea of changing "logging_properties". I make these changes:
handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler, 5stdout.org.apache.juli.AsyncFileHandler, 6stderr.org.apache.juli.AsyncFileHandler
5stdout.org.apache.juli.AsyncFileHandler.level = INFO
5stdout.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
5stdout.org.apache.juli.AsyncFileHandler.prefix = tomcat8-stdout2.
5stdout.org.apache.juli.AsyncFileHandler.rotatable = true
5stdout.org.apache.juli.AsyncFileHandler.maxDays = 90
5stdout.org.apache.juli.AsyncFileHandler.suffix = .log
6stderr.org.apache.juli.AsyncFileHandler.level = ALL
6stderr.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
6stderr.org.apache.juli.AsyncFileHandler.prefix = tomcat8-stderr2.
6stderr.org.apache.juli.AsyncFileHandler.rotatable = true
6stderr.org.apache.juli.AsyncFileHandler.maxDays = 90
6stderr.org.apache.juli.AsyncFileHandler.suffix = .log
This still doesn't works but if I can force tomcat to redirect stdout/stderr to use this handler, I can make tomcat to rotate logs.
Updated by Luděk Urban almost 5 years ago
I manage redirection of error logs when I coment out all lines with "java.util.logging.ConsoleHandler" and added this line
.handlers = 1catalina.org.apache.juli.AsyncFileHandler, 6stderr.org.apache.juli.AsyncFileHandler
I tried same thing with stdout but that only write same thing as to the stderr.
Updated by Luděk Urban almost 5 years ago
I successfully tested rotation of stderr.
Updated by Luděk Urban almost 5 years ago
I moved closer to resolving tomcat log rotation with this configuration:
- Logs from IdM
I changed logback spring in IdM configuration. All idm log now will be in idm.log .<!-- <include resource="org/springframework/boot/logging/logback/base.xml"/> --> <include resource="org/springframework/boot/logging/logback/file-appender.xml"/> <include resource="org/springframework/boot/logging/logback/defaults.xml"/> <appender name="idm" class="ch.qos.logback.core.rolling.RollingFileAppender"> <encoder> <pattern> %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36}.%M - %msg%n </pattern> </encoder> <file>logs/idm.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> <fileNamePattern>logs/idm.%d{yyyy-MM-dd}.log</fileNamePattern> <maxHistory>90</maxHistory> </rollingPolicy> </appender> <root level="INFO"> <appender-ref ref="idm"/> </root>
- Tomcat's stdout
In tomcat monitor app a turn off logging to tomcat8-stdout.log by changing logging-> redirect stdout : "auto" to "".
We lost some logs from connectors but in idm.log there should be copy of it.Thread Id: 17 Time: 2019-06-01 04:17:43.902 Class: org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl Method: createConnectorInfo(LocalConnectorInfoManagerImpl.java:301) Level: INFO Message: Add ConnectorInfo ConnectorKey( bundleName=net.tirasa.connid.bundles.db.scriptedsql bundleVersion=2.2.4 connectorName=net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector ) to Local Connector Info Manager from file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%208.5/webapps/idm/WEB-INF/lib/net.tirasa.connid.bundles.db.scriptedsql-2.2.4.jar Thread Id: 17 Time: 2019-06-01 04:17:43.979 Class: org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl Method: createConnectorInfo(LocalConnectorInfoManagerImpl.java:301) Level: INFO Message: Add ConnectorInfo ConnectorKey( bundleName=net.tirasa.connid.bundles.ldap bundleVersion=1.5.1 connectorName=net.tirasa.connid.bundles.ldap.LdapConnector ) to Local Connector Info Manager from file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%208.5/webapps/idm/WEB-INF/lib/net.tirasa.connid.bundles.ldap-1.5.1.jar Thread Id: 17 Time: 2019-06-01 04:17:44.058 Class: org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl Method: createConnectorInfo(LocalConnectorInfoManagerImpl.java:301) Level: INFO Message: Add ConnectorInfo ConnectorKey( bundleName=net.tirasa.connid.bundles.db.table bundleVersion=2.2.4 connectorName=net.tirasa.connid.bundles.db.table.DatabaseTableConnector ) to Local Connector Info Manager from file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%208.5/webapps/idm/WEB-INF/lib/net.tirasa.connid.bundles.db.table-2.2.4.jar Thread Id: 17 Time: 2019-06-01 04:17:44.152 Class: org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl Method: createConnectorInfo(LocalConnectorInfoManagerImpl.java:301) Level: INFO Message: Add ConnectorInfo ConnectorKey( bundleName=net.tirasa.connid.bundles.csvdir bundleVersion=0.8.5 connectorName=net.tirasa.connid.bundles.csvdir.CSVDirConnector ) to Local Connector Info Manager from file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%208.5/webapps/idm/WEB-INF/lib/net.tirasa.connid.bundles.csvdir-0.8.5.jar Thread Id: 17 Time: 2019-06-01 04:17:44.276 Class: org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl Method: createConnectorInfo(LocalConnectorInfoManagerImpl.java:301) Level: INFO Message: Add ConnectorInfo ConnectorKey( bundleName=net.tirasa.connid.bundles.ad bundleVersion=1.3.4.25 connectorName=net.tirasa.connid.bundles.ad.ADConnector ) to Local Connector Info Manager from file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%208.5/webapps/idm/WEB-INF/lib/net.tirasa.connid.bundles.ad-1.3.4.25.jar Thread Id: 17 Time: 2019-06-01 04:17:44.291 Class: org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl Method: createConnectorInfo(LocalConnectorInfoManagerImpl.java:301) Level: INFO Message: Add ConnectorInfo ConnectorKey( bundleName=csv-connector bundleVersion=1.0.0 connectorName=eu.bcvsolutions.idm.connectors.csv.CSVConnConnector ) to Local Connector Info Manager from file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%208.5/webapps/idm/WEB-INF/lib/csv-connector-1.0.0.jar
This must be tested
- Tomcat's stderr
In tomcat monitor app a turn off logging to tomcat8-stderr.log by changing logging-> redirect stderror : "auto" to "".
Then I edited Tomcat 8.5/conf/logging.properties .
I commented out java.util.logging.ConsoleHandler to eliminate stderr logging trough console.handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler #handlers = java.util.logging.ConsoleHandler .handlers = 1catalina.org.apache.juli.AsyncFileHandler #.handlers = java.util.logging.ConsoleHandler, #java.util.logging.ConsoleHandler.level = FINE #java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
Then I set-up rotating of catalina.log.
All stderr log will end here.
1catalina.org.apache.juli.AsyncFileHandler.level = INFO
1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.
1catalina.org.apache.juli.AsyncFileHandler.rotatable = true
1catalina.org.apache.juli.AsyncFileHandler.maxDays = 90
1catalina.org.apache.juli.AsyncFileHandler.suffix = .log
- TODO
- Test this configuration on project
Updated by Luděk Urban almost 5 years ago
After test on project it emerged that logs from connector in tomcat-stdout are important. Soo we can't simply turn them off. I'm trying to find a way to redirect them.
Updated by Radek Tomiška almost 5 years ago
Logs from connector schould be configured to logback too, see above.
Updated by Luděk Urban almost 5 years ago
I still didn't found the way to redirect conector logs. Soo I ask Radek for help and he found library that can work https://mvnrepository.com/artifact/net.tirasa.connid/slf4j-logging/1.4.2.0 .
Updated by Luděk Urban over 4 years ago
Actual state
Idm conector log can't be redirected(in this state) so all of they are saved in tomcat-stdout file. After 2 month of testing process on project these log create 11GB unrotatable file( all other idm logs create 4GB and they rotate).
Is needed to be change conectors's loging in order to stop tomcat from creating these big files
Updated by Radek Tomiška over 4 years ago
- Related to Feature #1814: Prepare script for log rotation of connector server added
Updated by Luděk Urban over 4 years ago
- % Done changed from 0 to 40
I added slf4j-logging-1.4.2.0.jar library to "Tomcat 8.5\webapps\idm\WEB-INF\lib" and connector logs has been redirected to idm.log.
The first test attempt to rotate logs ended well.
For a next step I will do more testing and do some clean up.
Updated by Radek Tomiška over 4 years ago
We can add lib slf4j-logging-1.4.2.0.jar into product dependencies, if it works as desired.
Updated by Luděk Urban over 4 years ago
- tomcat.log - logs from tomcat container, contain logs only from start and stop of tomcat, will not be rotated
- catalina.log - logs from idm and connectors, will be rotated
Tomcat will still create stdout and stderr, but these files will contain logs from start of tomcat and error if logback will not start properly.
Configuration
Tomcat 8.5/conf/logging.properties
I commented out java.util.logging.ConsoleHandler to eliminate stderr and stdout logging trough console.
Then redirect tomcat container logs from catalina.log to tomcat.log. It's because if there will be only 1 file logback can't rotate it because tomcat holds it open. Tomcat.log is not rotated, but can be rotated if needed.
handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler
#handlers = java.util.logging.ConsoleHandler
.handlers = 1catalina.org.apache.juli.AsyncFileHandler
#.handlers = java.util.logging.ConsoleHandler,
#java.util.logging.ConsoleHandler.level = FINE
#java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
...
...
#1catalina.org.apache.juli.AsyncFileHandler.level = FINE
#1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.
1catalina.org.apache.juli.AsyncFileHandler.level = INFO
1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.AsyncFileHandler.prefix = tomcat
1catalina.org.apache.juli.AsyncFileHandler.rotatable = false
1catalina.org.apache.juli.AsyncFileHandler.suffix = .log
Then in idm's logback-spring.xml make these changes:
<!-- this is comented for tomcat rotatio -->
<!-- <include resource="org/springframework/boot/logging/logback/base.xml"/> -->
<springProperty name="spring.profiles.active" source="spring.profiles.active"/>
<!-- Begin tomcat rotation -->
<!-- <include resource="org/springframework/boot/logging/logback/base.xml"/> -->
<include resource="org/springframework/boot/logging/logback/file-appender.xml"/>
<include resource="org/springframework/boot/logging/logback/defaults.xml"/>
<appender name="idm" class="ch.qos.logback.core.rolling.RollingFileAppender">
<encoder>
<pattern>
%d{yyyy-MM-dd HH:mm:ss.SSS} %5level %relative --- [%thread] %logger{36}.%M : %msg%n
</pattern>
</encoder>
<file>logs/catalina.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>logs/catalina.%d{yyyy-MM-dd}.log</fileNamePattern>
<maxHistory>90</maxHistory>
</rollingPolicy>
</appender>
<root level="INFO">
<appender-ref ref="idm"/>
</root>
Updated by Luděk Urban over 4 years ago
Due to great changes in logback-spring.xml between linux and windows usage I will create new lockback configuration for windows. This configuration will contain only things we need for windows production usage. Also windows idm will run on different profile( production -> windows).
Updated by Luděk Urban over 4 years ago
New Windows logback-spring.xml with log rotation:
<?xml version="1.0" encoding="UTF-8"?>
<!-- https://springframework.guru/using-logback-spring-boot/ -->
<!-- http://logback.qos.ch/manual/appenders.html -->
<configuration>
<springProperty name="spring.profiles.active" source="spring.profiles.active"/>
<include resource="org/springframework/boot/logging/logback/file-appender.xml"/>
<include resource="org/springframework/boot/logging/logback/defaults.xml"/>
<springProfile name="production">
<logger name="eu.bcvsolutions" level="INFO"/>
<logger name="org.springframework" level="INFO"/>
<logger name="org.springframework.web" level="INFO"/>
<logger name="org.hibernate.SQL" level="INFO"/>
<logger name="org.hibernate.type.descriptor.sql.BasicBinder" level="INFO"/>
<appender name="idm" class="ch.qos.logback.core.rolling.RollingFileAppender">
<encoder>
<pattern>
%d{yyyy-MM-dd HH:mm:ss.SSS} %5level %relative --- [%thread] %logger{36}.%M : %msg%n
</pattern>
</encoder>
<file>logs/catalina.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>logs/catalina.%d{yyyy-MM-dd}.log</fileNamePattern>
<maxHistory>90</maxHistory>
</rollingPolicy>
</appender>
<root level="INFO">
<appender-ref ref="idm"/>
</root>
</springProfile>
</configuration>
Updated by Luděk Urban over 4 years ago
- Assignee changed from Luděk Urban to Radek Tomiška
- % Done changed from 40 to 90
Configuration passed an opposition from @fiserp .
Library slf4j-logging-1.4.2.0.jar can be added to IdM. @tomiskar
When this library I will change logback-spring.xml and logging.properties in windows installation tutorial.
Updated by Radek Tomiška over 4 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Luděk Urban
- Target version set to Rhyolite (9.7.11)
I've added library into product devstack (LTS - requested by Luděk / Petr):
https://github.com/bcvsolutions/CzechIdMng/commit/318883afbb73a5f057c36278387ec016c041962d
Could you do a feedback and complete doc, please?
Updated by Luděk Urban over 4 years ago
- Assignee changed from Luděk Urban to Radek Tomiška
- Target version deleted (
Rhyolite (9.7.11))
when IdM 9.7.11 will be released I will test this changes in configuration.
Updated by Luděk Urban over 4 years ago
- Assignee changed from Radek Tomiška to Luděk Urban
- Target version set to Rhyolite (9.7.11)
Updated by Luděk Urban over 4 years ago
I tested hotfix 9.7.11 on Windows and log rotation worked properly.
Updated by Radek Tomiška over 4 years ago
- Status changed from Needs feedback to Resolved
- % Done changed from 90 to 100
Awesome, thx!
Updated by Radek Tomiška over 4 years ago
- Status changed from Resolved to Closed