Tutorial: Set Up a Log File Rotation
Set up a rotation for Access Server log files and delete old files by following this tutorial.
Overview
This tutorial sets an allowable log file size and automates deleting old log files.
By default, Access Server archives a log file when it reaches about one megabyte. The number of log files grows endlessly until the disk is full. You can follow these steps to set up a log rotation.
Tip
When Access Server archives log files, it renames old files sequentially and creates a new log file, always named openvpnas.log. The old files are named openvpnas.log.1, openvpnas.log.2, and so on, with 1 being newer than the 2 file.
An installed Access Server.
Access to your server's console and get root privileges.
To adjust the log file size before it's archived, change the setting in as.conf with the LOG_ROTATE_LENGTH parameter:
Sign on to the console and get root privileges.
Open as.conf for editing in a text editor (such as nano):
nano /usr/local/openvpn_as/etc/as.conf
Add the following line at the bottom (the number represents bytes, and the default is around 1000000 bytes, about 1 megabyte):
LOG_ROTATE_LENGTH=1000000
Save and exit by pressing Ctrl+x, then y.
Restart the Access Server service:
service openvpnas restart
Access Server writes to the current log file until it reaches your new, specified file size.
You can set up a cron job that periodically deletes old log files.
The number of files you choose to retain, times the file size of the log ration setting, determines how much log data you keep in total, ensuring you never exceed a certain number of bytes used for Access Server's log files.
Tip
You can also log to syslog, as explained in this tutorial, which should already have rotation rules set on it in the operating system that clean it up regularly:
Example cron job
Here's an example cron job for deleting old log files. Adjust the commands for your limits and execution time.
To set up a cron job that clears log files number .15 and higher at 4:00 a.m. each night:
Sign in to the console and get root privileges.
Open the crontab file for the account you are signed in as:
crontab -e
Select an editor when prompted when doing this for the first time.
At the bottom of the crontab file, add these two lines:
SHELL=/bin/bash 0 4 * * * /bin/rm /var/log/openvpnas.log.{15..1000} >/dev/null 2>&1
Save and exit by pressing Ctrl+x, then y (if you use nano as your editor).
The script deletes files named /var/log/openvpnas.log.15 and greater every night. Your system keeps the main log file and 14 archived log files.
By default, Docker captures the standard output (and standard error) of all your containers and writes them in files using the JSON format.
When you install Access Server in a Docker container, the Access Server logs are stored in this JSON log file under the Linux host.
This JSON log file is generally stored at:
/var/lib/docker/containers/[container-id]/[container-id]-json.log
In addition, there are two ways to store Docker logs:
Docker daemon logs: These logs are generated by the Docker daemon and located on the host. It provides insights into the state of the Docker platform.
Docker container logs: These logs capture the output from applications running inside containers.
Suppose you want to configure log rotation for the Access Server logs. You can do this by using the log driver and setting it in either Docker daemons logs or Docker container logs. This is explained in detail below.
Note
The following instructions assume you’re using Docker CE installed in a headless Linux environment. If you’re using desktop (GUI) environments such as Windows, macOS, or Linux, you may need to look up documentation for Docker Desktop and make adjustments as needed. However, there is no guarantee that this will work in Docker Desktop.
Option 1: Configuring log driver via Docker daemon logs
Locate or create the
daemon.json
file:On Linux hosts, the
daemon.json
file is located at/etc/docker
.If the file doesn't exist, create it:
nano /etc/docker/daemon.json
Add the following configuration:
{ "log-driver": "json-file", "log-opts": { "max-size": "1m",1 "max-file": "3"2 } }
Restart Docker for the changes to take effect:
systemctl restart docker
Verify the configuration for the log rotation:
docker inspect --format '{{ json .HostConfig.LogConfig }}' openvpn-as
Expected output:
root@Docker:~# docker inspect --format '{{ json .HostConfig.LogConfig }}' openvpn-as {"Type":"json-file","Config":{"max-file":"3","max-size":"1m"}}
Option 2: Configuring log driver via Docker container logs
Use the
docker run
command to set the appropriate values for thelog-driver
andlog-opt
keys when creating the Access Server Docker container or updating an existing container:If you're creating the Docker container the first time, run these commands:
docker run -d \ --name=openvpn-as --device /dev/net/tun \ --cap-add=MKNOD --cap-add=NET_ADMIN \ -p 943:943 -p 443:443 -p 1194:1194/udp \ -v <path to data>:/openvpn \1 --log-driver json-file \ --log-opt max-size=1m \ --log-opt max-file=3 \ --restart=unless-stopped \ openvpn/openvpn-as
Replace
<path to data>
with the directory for configuration files.If you've already created the Access Server in Docker CE, you can remove the container and rerun the
docker run
commands:Stop the existing container:
docker stop openvpn-as
Remove the container:
docker rm openvpn-as
Note
Configuration files will remain intact in the persistent volume (
-v <path to data>:/openvpn
).Recreate the container with logging options:
docker run -d \ --name=openvpn-as --device /dev/net/tun \ --cap-add=MKNOD --cap-add=NET_ADMIN \ -p 943:943 -p 443:443 -p 1194:1194/udp \ -v <path to data>:/openvpn \1 --log-driver json-file \ --log-opt max-size=1m \ --log-opt max-file=3 \ --restart=unless-stopped \ openvpn/openvpn-as
Replace
<path to data>
with the directory for configuration files.
Verify the configuration for the log rotation:
docker inspect --format '{{ json .HostConfig.LogConfig }}' openvpn-as
Expected output:
root@Docker:~# docker inspect --format '{{ json .HostConfig.LogConfig }}' openvpn-as {"Type":"json-file","Config":{"max-file":"3","max-size":"1m"}}