diff --git a/docs/modules/ROOT/pages/config/logging.adoc b/docs/modules/ROOT/pages/config/logging.adoc index 57b01819..e91669a0 100644 --- a/docs/modules/ROOT/pages/config/logging.adoc +++ b/docs/modules/ROOT/pages/config/logging.adoc @@ -124,6 +124,8 @@ The following options are supported for each logger: NOTE: Since version 5.7.0 section names can't contain dots or colons. To specify such paths use the *path* setting in an arbitrarily named section. +NOTE: xref:config//logrotate.adoc[`*logrotate*`] contains two example configurations for logroate to manage a log file written by strongswan + *charon.filelog* [cols="3,1,9"] diff --git a/docs/modules/ROOT/pages/config/logrotate.adoc b/docs/modules/ROOT/pages/config/logrotate.adoc new file mode 100644 index 00000000..7ee1c953 --- /dev/null +++ b/docs/modules/ROOT/pages/config/logrotate.adoc @@ -0,0 +1,62 @@ += Logrotate configuration + +When configuring loggint to a file by using the xref:config//logging.adoc#file-loggers[filelogger] it is desirable to have +a logroate configuration in place for the file in order to limit the size of the log file. + +Following is an example logrotate configuration for keeping a single file. +``` +/var/log/charon.log { + missingok + sharedscripts + postrotate + /usr/bin/swanctl --reload-settings + endscript + maxsize 10M + create 0600 root root + shred + shredcycles 16 +} +``` + +The following configuration is for a daily file. + +``` +/var/log/charon.log { + missingok + sharedscripts + compress + postrotate + /usr/bin/swanctl --reload-settings + endscript + dateext + dateyesterday + delaycompress + maxsize 10M + compresscmd xz + create 0600 root root + shred + shredcycles 16 + +``` + +These files are compatible with the following filelogger configuration: +``` +charon { + filelog { + charon-log { + time_format = %a, %Y-%m-%d %R + path = /var/log/charon.log + default = 2 + mgr = 0 + net = 1 + enc = 1 + asn = 1 + job = 1 + knl = 2 + ike_name = yes + append = yes + flush_line = yes + } + } +} +```