Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

DNS stops logging after log file rotation (OS X 10.10.1, Server 4)

Greetings!


I am running DNS on my OS X Server and after nightly log rotation (via "newsyslog"), I see this entry in my DNS log, and no activity after the log is rotated:


Dec 31 00:30:00 leo newsyslog[27034]: logfile turned over


It's only after I stop and restart the DNS service via the Server app will it then begin logging its activity. Is anyone else experiencing this? It's almost as if the 'newsyslog' process isn't sending a restart signal to named when it rolls the log files.


(To see your DNS logs, open the Server app, select "Logs" on the left, then choose "Service Log" under the DNS section.)


Many thanks! —michael


p.s. Here's the information from named in system.log when DNS is restarted. I'm running BIND v 9.9.5, which as of this writing, is the latest build pushed out to machines running Server 4 (build 14S333). I edited out my machine's name and replaced it with 'myserver.mydomain.tld':


Dec 31 10:45:39 [myserver.mydomain.tld] named[50909]: starting BIND 9.9.5 -f

Dec 31 10:45:39 [myserver.mydomain.tld] named[50909]: built with '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-dependency-tracking' '--prefix=/usr' '--sysconfdir=/private/etc' '--localstatedir=/private/var' '--enable-atomic=no' '--with-openssl=no' '--with-gssapi=yes' '--enable-symtable=none' 'CC=/Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.10.xctoolchain/ usr/bin/cc' 'CFLAGS=-arch x86_64 -g -Os -pipe -gdwarf-2 -std=gnu89' 'LDFLAGS=-arch x86_64 -framework IOKit -framework CoreFoundation'

Mac mini, OS X Yosemite (10.10.1), Server 4

Posted on Dec 31, 2014 7:52 AM

Reply
20 replies

Jan 2, 2015 5:46 AM in response to Linc Davis

Thanks for the response. No I haven't updated this file. It appears to be the 'stock' conf file from the Server distribution. It's dated September 9 and only contains one instruction (below). —michael

sh-3.2# cat /etc/newsyslog.d/files.conf

# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]

/Library/Logs/named.log 644 5 * $D0 J

Jan 2, 2015 5:48 AM in response to Alberto Ravasio

Thanks for the reply. When I see that named is no longer logging, I stop/restart the service so it picks back up again. My /Library/Logs directory contains the current named.log as well as the rotated/compressed archives (below). Thanks! —michael

sh-3.2# ls -l /Library/Logs/named*

-rw-r--r-- 1 root admin 24141 Jan 2 08:48 /Library/Logs/named.log

-rw-r--r-- 1 root admin 47479 Jan 2 00:30 /Library/Logs/named.log.0.bz2

-rw-r--r-- 1 root admin 81389 Jan 1 00:30 /Library/Logs/named.log.1.bz2

-rw-r--r-- 1 root admin 18646 Dec 31 00:30 /Library/Logs/named.log.2.bz2

-rw-r--r-- 1 root admin 5073 Dec 30 00:30 /Library/Logs/named.log.3.bz2

-rw-r--r-- 1 root admin 52668 Dec 29 00:30 /Library/Logs/named.log.4.bz2

-rw-r--r-- 1 root admin 4295 Dec 28 00:30 /Library/Logs/named.log.5.bz2

Jan 2, 2015 6:07 AM in response to Alberto Ravasio

Thanks Alberto. My "logging" section in named.conf is identical to yours. However my question is less about WHAT is being logged than when log files are "rotated," nothing appears after the timestamp indicating that the log file for named was turned over.


It could be empty for DAYS, even though the DNS service is running. —mr

Jan 2, 2015 6:31 AM in response to regoli

These are my named log files


-rw-r--r-- 1 root admin 1910 2 Gen 14:40 /Library/Logs/named.log

-rw-r--r-- 1 root admin 1449 2 Gen 00:30 /Library/Logs/named.log.0.bz2

-rw-r--r-- 1 root admin 127 1 Gen 00:30 /Library/Logs/named.log.1.bz2

-rw-r--r-- 1 root admin 124 31 Dic 00:30 /Library/Logs/named.log.2.bz2

-rw-r--r-- 1 root admin 3821 30 Dic 00:30 /Library/Logs/named.log.3.bz2

-rw-r--r-- 1 root admin 2950 29 Dic 00:30 /Library/Logs/named.log.4.bz2

-rw-r--r-- 1 root admin 126 28 Dic 00:30 /Library/Logs/named.log.5.bz2

As you can see, most of them are very small, and just contain a few lines. Well, my LAN is very small, though.

The following is named.log.5.bz2


Dec 27 00:30:00 XXX newsyslog[96068]: logfile turned over
Dec 28 00:30:00 XXX newsyslog[10479]: logfile turned over


And this is the actual named.log. There are 20 lines, overall. I didn't restart DNS service. I just added an alias record this morning at 11:40


Jan  2 00:30:00 XXX newsyslog[61130]: logfile turned over
02-Jan-2015 11:40:00.959 managed-keys-zone/com.apple.ServerAdmin.DNS.public: loaded serial 0
02-Jan-2015 11:40:00.967 zone 0.0.127.in-addr.arpa/IN/com.apple.ServerAdmin.DNS.public: loaded serial 1997022700
02-Jan-2015 11:40:00.969 zone X.X.X.in-addr.arpa/IN/com.apple.ServerAdmin.DNS.public: loaded serial 2015010201
02-Jan-2015 11:40:00.970 zone localhost/IN/com.apple.ServerAdmin.DNS.public: loaded serial 42
02-Jan-2015 11:40:00.971 zone XXXXXX/IN/com.apple.ServerAdmin.DNS.public: loaded serial 2015010201
02-Jan-2015 11:40:00.972 all zones loaded
02-Jan-2015 11:40:00.972 running
...

Jan 22, 2015 4:46 PM in response to Linc Davis

Sorry I missed the follow-up to my query! Here's the output, as requested:


leo:~ mr$ sudo newsyslog -Fv

Password:

/var/log/ftp.log <5J>: does not exist, skipped.

/var/log/hwmond.log <5J>: does not exist, skipped.

/var/log/ipfw.log <5J>: does not exist, skipped.

/var/log/lpr.log <5J>: does not exist, skipped.

/var/log/ppp.log <5J>: does not exist, skipped.

/var/log/wtmp <3>: does not exist, skipped.

/Library/Logs/ProfileManager/edit-audit.log <10J>: does not exist, skipped.

/Library/Logs/ProfileManager/php.log <10J>: does not exist, skipped.

/Library/Logs/ProfileManager/php-fpm.devicemgr.log <10J>: does not exist, skipped.

/Library/Logs/ProfileManager/task-audit.log <10J>: does not exist, skipped.

/Library/Logs/Mail/mail-err.log <10J>: size (Kb): 4 [10240] --> trimming log....

newsyslog: can't open pid file: /var/run/dovecot/master.pid: No such file or directory

/Library/Logs/Mail/mail-info.log <10J>: size (Kb): 8 [10240] --> trimming log....

/Library/Logs/Mail/mail-debug.log <10J>: size (Kb): 0 [10240] --> trimming log....

/Library/Logs/Mail/amavis.log <10J>: size (Kb): 96 [10240] --> trimming log....

newsyslog: can't open pid file: /Library/Server/Mail/Data/scanner/amavis/amavisd.pid: No such file or directory

/Library/Logs/Mail/clamav.log <10J>: size (Kb): 12 [10240] --> trimming log....

/Library/Logs/Mail/freshclam.log <10J>: size (Kb): 8 [10240] --> trimming log....

/Library/Logs/Mail/listserver.log <10J>: size (Kb): 0 [10240] --> trimming log....

/Library/Logs/Mail/junkmail.log <10J>: size (Kb): 4 [10240] --> trimming log....

/Library/Logs/slapconfig.log <10J>: size (Kb): 8 [1000] --> trimming log....

/var/log/xscertd.log <5J>: size (Kb): 8 [10000] --> trimming log....

/Library/Logs/named.log <5J>: --> trimming log....

/var/log/wifi.log <5J>: size (Kb): 16 [2500] --> trimming log....

/Library/Server/Calendar and Contacts/Logs/servermgr_calendar.log <5J>: size (Kb): 1628 [10000] --> trimming log....

/Library/Server/Calendar and Contacts/Logs/xpg_ctl.log <5J>: size (Kb): 172 [10000] --> trimming log....

Signal all daemon process(es)...

Notified daemon pid 21 = /var/run/syslog.pid

Pause 1 second(s) between signals

newsyslog: can't notify daemon, pid 2999: No such process

newsyslog: can't notify daemon, pid 2998: No such process

Pause 10 seconds to allow daemon(s) to close log file(s)

Compress all rotated log file(s)...

newsyslog: log /Library/Logs/Mail/mail-debug.log.0 not compressed because daemon(s) not notified

newsyslog: log /Library/Logs/Mail/mail-err.log.0 not compressed because daemon(s) not notified

newsyslog: log /Library/Logs/Mail/mail-info.log.0 not compressed because daemon(s) not notified

newsyslog: log /Library/Logs/Mail/amavis.log.0 not compressed because daemon(s) not notified

Sep 24, 2015 7:27 AM in response to MplsEE08

I ran into a separate issue which might give you some clues. I was running a LaunchAgent as a normal user. This launch agent was outputting logs owned by the running user as expected. When I configured log rotation with newsyslog.d, the default was to compress the old logs, and then create new log files owned as root. So, after the log rotation happened, the job running as a normal user could not write to the log files, and the job died. Configuring the .conf file for the log rotation to create the new logs as the user (instead of root) solved the problem.

Oct 27, 2015 9:12 AM in response to PFWMEDIA

It's hard to come back to a thread that's this old, since software updates (I'm now running 10.10.5) and tweaks to the system have been made. But let me just say that since I wrote this, named log files are rotating.


I have this instruction in "/etc/newsyslog.d/files.conf":


# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]

/Library/Logs/named.log 644 5 * $D0 J


And sure enough, there are five sets of rolling named.log files (plus the current file) in /Library/Logs:

sh-3.2# ls -l /Library/Logs/named*

-rw-r--r-- 1 root admin 58 Oct 27 00:30 /Library/Logs/named.log

-rw-r--r-- 1 root admin 37336 Oct 27 00:30 /Library/Logs/named.log.0.bz2

-rw-r--r-- 1 root admin 21324 Oct 26 00:30 /Library/Logs/named.log.1.bz2

-rw-r--r-- 1 root admin 30077 Oct 25 00:30 /Library/Logs/named.log.2.bz2

-rw-r--r-- 1 root admin 447965 Oct 24 00:30 /Library/Logs/named.log.3.bz2

-rw-r--r-- 1 root admin 27689 Oct 23 00:30 /Library/Logs/named.log.4.bz2

-rw-r--r-- 1 root admin 45531 Oct 22 00:30 /Library/Logs/named.log.5.bz2


The process that rotates the logs is called "newsyslog". (See the man page.) To run "newsyslog" to see what it would do every time its called from cron, simply run it with the "-nv" flag. Here's the output from my server:


sh-3.2# newsyslog -nv

/var/log/ftp.log <5J>: does not exist, skipped.

/var/log/hwmond.log <5J>: does not exist, skipped.

/var/log/ipfw.log <5J>: does not exist, skipped.

/var/log/lpr.log <5J>: does not exist, skipped.

/var/log/ppp.log <5J>: does not exist, skipped.

/var/log/wtmp <3>: does not exist, skipped.

/Library/Logs/ProfileManager/edit-audit.log <10J>: does not exist, skipped.

/Library/Logs/ProfileManager/php.log <10J>: does not exist, skipped.

/Library/Logs/ProfileManager/php-fpm.devicemgr.log <10J>: does not exist, skipped.

/Library/Logs/ProfileManager/task-audit.log <10J>: does not exist, skipped.

/Library/Logs/Mail/mail-err.log <10J>: size (Kb): 16 [10240] --> skipping

/Library/Logs/Mail/mail-info.log <10J>: size (Kb): 8772 [10240] --> skipping

/Library/Logs/Mail/mail-debug.log <10J>: size (Kb): 4 [10240] --> skipping

/Library/Logs/Mail/amavis.log <10J>: size (Kb): 1692 [10240] --> skipping

/Library/Logs/Mail/clamav.log <10J>: size (Kb): 3464 [10240] --> skipping

/Library/Logs/Mail/freshclam.log <10J>: size (Kb): 2068 [10240] --> skipping

/Library/Logs/Mail/listserver.log <10J>: size (Kb): 4 [10240] --> skipping

/Library/Logs/Mail/junkmail.log <10J>: size (Kb): 292 [10240] --> skipping

/Library/Logs/slapconfig.log <10J>: size (Kb): 496 [1000] --> skipping

/var/log/xscertd.log <5J>: size (Kb): 4 [10000] --> skipping

/Library/Logs/named.log <10J>: --> will trim at Wed Oct 28 00:00:00 2015

/var/log/wifi.log <5J>: size (Kb): 4 [2500] --> skipping

/Library/Server/Calendar and Contacts/Logs/servermgr_calendar.log <5J>: size (Kb): 8512 [10000] --> skipping

/Library/Server/Calendar and Contacts/Logs/xpg_ctl.log <5J>: size (Kb): 288 [10000] --> skipping


Try incorporating the setting above in "files.conf" and see if it doesn't solve the problem. Good luck! —michael

DNS stops logging after log file rotation (OS X 10.10.1, Server 4)

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.