From 34a0da444fdc0924fcd1396e82a87a6bce306363 Mon Sep 17 00:00:00 2001 From: bunkerity Date: Sun, 25 Oct 2020 11:24:52 +0100 Subject: [PATCH] logging fix again --- confs/modsecurity-rules.conf | 2 +- entrypoint.sh | 4 ++-- scripts/logrotate.conf | 11 +++++++++++ 3 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 scripts/logrotate.conf diff --git a/confs/modsecurity-rules.conf b/confs/modsecurity-rules.conf index 2e60872..6236b06 100644 --- a/confs/modsecurity-rules.conf +++ b/confs/modsecurity-rules.conf @@ -52,7 +52,7 @@ SecResponseBodyLimitAction ProcessPartial SecAuditEngine RelevantOnly SecAuditLogRelevantStatus "^(?:5|4(?!04))" SecAuditLogType Serial -SecAuditLog /var/log/modsec_audit.log +SecAuditLog /var/log/nginx/modsec_audit.log # scan uploaded files with clamv %USE_CLAMAV_UPLOAD% diff --git a/entrypoint.sh b/entrypoint.sh index c1615cb..0b9c7f6 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -612,14 +612,14 @@ fi # setup logrotate replace_in_file "/etc/logrotate.conf" "%LOGROTATE_MAXAGE%" "$LOGROTATE_MAXAGE" replace_in_file "/etc/logrotate.conf" "%LOGROTATE_MINSIZE%" "$LOGROTATE_MINSIZE" -echo "0 0 * * * logrotate -f /etc/logrotate.conf > /dev/null 2>&1 && pkill -HUP rsyslogd && fail2ban-client restart && nginx -s reload" >> /etc/crontabs/root +echo "0 0 * * * /opt/scripts/logrotate.sh > /dev/null 2>&1" >> /etc/crontabs/root # display logs LOGS="/var/log/access.log /var/log/error.log" if [ "$USE_FAIL2BAN" = "yes" ] ; then LOGS="$LOGS /var/log/fail2ban.log" fi -tail -f $LOGS & +tail -F $LOGS & wait $! # sigterm trapped diff --git a/scripts/logrotate.conf b/scripts/logrotate.conf new file mode 100644 index 0000000..0730d4c --- /dev/null +++ b/scripts/logrotate.conf @@ -0,0 +1,11 @@ +#!/bin/sh + +logrotate -f /etc/logrotate.conf > /dev/null 2>&1 + +pkill -HUP rsyslogd + +fail2ban-client flushlogs + +if [ -f /tmp/nginx.pid ] ; then + /usr/sbin/nginx -s reload +fi