Nginx log rotate

[ccesario]

Hi folks,
Could someone explain how is done the Nginx log rotate?
It seems  that tls_handshake.log does not rotating, i my system I need delete it manually, it was 5Gb.

Best regards
Carlos

[fabian]

https://github.com/opnsense/plugins/blob/master/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/newsyslog.conf

[ccesario]

Hi Fabian, thanks by reply.
Well, this confirm my suspect. The tls_handshake.log log file does not have syslog rule for rotate it.

Is it possible add it?

Regards,
Carlos

[fabian]

yes but this has some side effects - the reason why it is not rotated is because it builds the stats used for the fingerprint page from that file. If it is rolled over, the data will not be available anymore so the display feature may not work anymore for users who have not such a huge amount of traffic to get such a log on a daily basis.

I think the solution to get is rotating it less frequently like once per one or two weeke or so.

[ccesario]

Ohhh I undesrtood.
But this file increase fast fast and cause storage problem... One day running in my env cause more than 2GB

:)
Currently I clean it by cron

[fabian]

If you don't use this feature, you can delete it every minute (thats's the log reopen interval which is required for bot banning).
For the feature it would be enough to store the aggregated tuples {user agent, TLS curves, TLS ciphers, count}.
So we can group them using a cron so the file is rotated for example every hour if that helps. This has the small disadvantage, that the data is not in real time anymore but I think this is OK since the feature needs some time for a good accuracy.

[ccesario]

Hi Fabian, thank you by your feedback.

I have created a syslog entry to rotate each hour, and it seems this solve my issue

Best regards
Carlos

[fabian]

patch is available: https://github.com/opnsense/plugins/pull/1427

[ccesario]

Hi Fabian,

Thanks for this. it is working as expeced for me.

:)