How can I rotate logs generated externally with s6-log?

Topic: How can I rotate logs generated externally with s6-log? (Read 668 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

How can I rotate logs generated externally with s6-log?

17 December 2021, 00:58:52

Hello everybody, I'm configuring Tomoyo Linux following this guide:

https://wiki.archlinux.org/title/TOMOYO_Linux#Log_daemon

I decided to make an oneshot script in s6

Code: [Select]

/etc/s6/adminsv/tomoyo-audit/up
-----------------------------------------                              
#!/bin/execlineb -P
exec /usr/sbin/tomoyo-auditd

Code: [Select]

/etc/s6/adminsv/tomoyo-audit/down
-------------------------------------------                            
#!/bin/execlineb -P
exec pkill tomoyo-audit

Code: [Select]

/etc/s6/adminsv/tomoyo-audit/type
-------------------------------------------
oneshot

I know that configuration file for tomoyo-audit is in /etc/tomoyo/tools/auditd.conf, but I haven't found a way to configure tomoyo-audit to run in "foreground".

I don't know if I can use s6-log only for rotate purposes. Or maybe you know such a trick to make tomoyo-audit run in foreground and log with s6-log. In the worst case I should use logrotate but I don't know if I can avoid install another tool.

Re: How can I rotate logs generated externally with s6-log?

Reply #1 – 17 December 2021, 15:02:15

If the daemon really has no proper way to run in the foreground, you can use s6-fghack to accomplish this like so.

Code: [Select]

exec s6-fghack tomoyo-auditd

You could then make a *-log service and an s6-rc pipeline as usual and it should do what you want.

Re: How can I rotate logs generated externally with s6-log?

Reply #2 – 17 December 2021, 19:28:43

Hello @Dudemanguy, firstable thanks for your reply. I cannot achieve what I want but your tip is going to be useful for other things.

The thing is no matter how much I try to run tomoyo-auditd in the foreground this tool is made to write logs directly to a text file, so the foreground option is going to be useful for changing the script type from "oneshot" to "longrun" something I also want.

I don't want to install log-rotate but it seems the only way to rotate those logs unless I am missing something.

Re: How can I rotate logs generated externally with s6-log?

Reply #3 – 17 December 2021, 20:51:58

Ah, I see. Yeah, if tomoyo-auditd does not write to stdout or stderr then directly using s6-log won't help you here. If the program has an option to write to syslog, you're not out of luck yet. You can install syslogd-s6 which is basically a syslog daemon built entirely from s6 tools (s6-socklog and s6-log). If the program refuses to log to anywhere else besides one particular file, then sadly there's nothing you can do here.

Re: How can I rotate logs generated externally with s6-log?

Reply #4 – 17 December 2021, 22:51:43

A possible hack is making the program write to a FIFO and/or (for bonus hackish points) /dev/fd that ultimately sends the information to an s6-log instance.

I have neither the Tomoyo LSM nor found documentation for the configuration file to have even an idea whether this would work, so take this suggestion with a grain of salt (or a whole salt shaker, preferably).

Re: How can I rotate logs generated externally with s6-log?

Reply #5 – 19 December 2021, 02:18:42

Hello again to both, thanks for your reply. I couldn't get 100% what I wanted but I finally installed logrotate to solve the issue. It's not the ideal solution to me but I only need it to rotate logs so I didn't have to install any syslog daemon.

The s6-fghack is awesome, with this I could convert the service from "oneshot" to "longrun" and it's supervised something I really appreciate.

Thank you very much and best regards.