Importance of log rotation and maintenance

Yesterday, I was faced with the a perplexing error, "Page not viewable, check proxy refusing.. " or something to that effect. Well, I happen to use Privoxy, the client side web proxy. I also use squid a server side web proxy on my smoothwall firewall/gateway.
Privoxy is great because it zaps ads of all flavors (ie flash, image, js, etc). Privoxy was once managed by the same organization as the Junkbuster web proxy. The squid proxy helps me cache images, in an effort to improve my browsing experience.

Once I began to get these error msgs, I figured that there was a problem with the client-side software. I simply upgraded to latest stable release of Privoxy *3.06* I had been running v3.0.3 for at least 3yrs, and was very pleased (until I was unable to properly load sites).

However, this did not mitigate the problem. For whatever reason, I thought perhaps it was a connectivity issue. So I cycled the cable modem. No improvement. I could ping out to the internet without issue. So, I immediately began to suspect my smoothie.

After logging into the box, I notice this :

[root@goon root]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/harddisk4 942M 552M 342M 62% /
/dev/harddisk1 5.7M 4.2M 1.3M 76% /boot
/dev/harddisk3 234M 235M 0 100% /var/log

Hmmm. No wonder the squid daemon shutdown.
Heh, /var partition was consumed by the logs. A deeper look @ /var/log/squid revealed:

[root@goon squid]# du -h -s * | more
29M access.log
26M access.log.1
55M access.log.3
23M access.log.5

I began to wonder why the logs weren't being purged appropriately. I'm _sure_ that I had setup a cronjob to rotate and touch the files as appropriate.

As stated earlier, the squid proxy server simply caches all the images of the websites that I frequently visit. Simple problem and an even easier fix.
After reviewing the access.logs to make sure nothing was afoul. I proceeded to blast away the files to reclaim space on /var partition.
As root executed ' /usr/local/bin/restartsquid' ,checked to see if squid process restarted.

[root@goon log]# ps aux | grep squid
root 10376 0.0 0.6 3604 200 ? S Apr23 0:00 /usr/local/squid/
squid 10379 0.1 61.8 27028 18820 ? S Apr23 7:16 (squid) -D
squid 10381 0.0 0.1 1284 56 ? S Apr23 0:00 (unlinkd)
squid 10382 0.0 0.5 1976 164 ? S Apr23 0:27 diskd 10628096 10

All looks well. I also took advantage of this opportunity to run a squid log analyzer via the smoothie web interface. My firewall box simply runs and stays out of the way. I'd forgotten to grab the uptime info before I rebooted. It's pretty easy to forget about it, that is until I am unable to resolve pages as I expect ;)

  • links for 2007-04-27
  • links for 2007-01-12
  • Foray into DOCSIS 3.0 - Weirdness of DNS Caching
  • ssh tunneling and socks proxy forwarding goodness
  • Monthly Archives


    OpenID accepted here Learn more about OpenID
    Powered by Movable Type 4.25

    About this Entry

    This page contains a single entry by AG published on April 24, 2007 7:36 AM.

    Penguicon 5.0 was the previous entry in this blog.

    links for 2007-04-26 is the next entry in this blog.

    Find recent content on the main index or look in the archives to find all content.