Skip to main content

Tutorial: Set Up a Log File Rotation

Abstract

Set up a rotation for Access Server log files and delete old files by following this tutorial.

Overview

This tutorial sets an allowable log file size and automates deleting old log files.

By default, Access Server archives a log file when it reaches about one megabyte. The number of log files grows endlessly until the disk is full. You can follow these steps to set up a log rotation.

Tip

When Access Server archives log files, it renames old files sequentially and creates a new log file, always named openvpnas.log. The old files are named openvpnas.log.1, openvpnas.log.2, and so on, with 1 being newer than the 2 file.

Prerequisites

  • An installed Access Server.

  • Access to your server's console and get root privileges.

Step 1: Adjust the allowable log file size

To adjust the log file size before it's archived, change the setting in as.conf with the LOG_ROTATE_LENGTH parameter:

  1. Sign on to the console and get root privileges.

  2. Open as.conf for editing in a text editor (such as nano):

    nano /usr/local/openvpn_as/etc/as.conf

  3. Add the following line at the bottom (the number represents bytes, and the default is around 1000000 bytes, about 1 megabyte):

    LOG_ROTATE_LENGTH=1000000

  4. Save and exit by pressing Ctrl+x, then y.

  5. Restart the Access Server service:

    service openvpnas restart

    • Access Server writes to the current log file until it reaches your new, specified file size.

Step 2: Set up a cleanup job for old log files

You can set up a cron job that periodically deletes old log files.

The number of files you choose to retain, times the file size of the log ration setting, determines how much log data you keep in total, ensuring you never exceed a certain number of bytes used for Access Server's log files.

Tip

You can also log to syslog, as explained in this tutorial, which should already have rotation rules set on it in the operating system that clean it up regularly:

Example cron job

Here's an example cron job for deleting old log files. Adjust the commands for your limits and execution time.

To set up a cron job that clears log files number .15 and higher at 4:00 a.m. each night:

  1. Sign in to the console and get root privileges.

  2. Open the crontab file for the account you are signed in as:

    crontab -e

    • Select an editor when prompted when doing this for the first time.

  3. At the bottom of the crontab file, add these two lines:

    SHELL=/bin/bash
0 4 * * * /bin/rm /var/log/openvpnas.log.{15..1000} >/dev/null 2>&1

  4. Save and exit by pressing Ctrl+x, then y (if you use nano as your editor).

The script deletes files named /var/log/openvpnas.log.15 and greater every night. Your system keeps the main log file and 14 archived log files.

Access Server in Docker: Set up log file rotation

By default, Docker captures the standard output (and standard error) of all your containers and writes them in files using the JSON format.

When you install Access Server in a Docker container, the Access Server logs are stored in this JSON log file under the Linux host.

This JSON log file is generally stored at:

/var/lib/docker/containers/[container-id]/[container-id]-json.log

In addition, there are two ways to store Docker logs:

  1. Docker daemon logs: These logs are generated by the Docker daemon and located on the host. It provides insights into the state of the Docker platform.

  2. Docker container logs: These logs capture the output from applications running inside containers.

Suppose you want to configure log rotation for the Access Server logs. You can do this by using the log driver and setting it in either Docker daemons logs or Docker container logs. This is explained in detail below.

Note

The following instructions assume you’re using Docker CE installed in a headless Linux environment. If you’re using desktop (GUI) environments such as Windows, macOS, or Linux, you may need to look up documentation for Docker Desktop and make adjustments as needed. However, there is no guarantee that this will work in Docker Desktop.

Option 1: Configuring log driver via Docker daemon logs

  1. Locate or create the daemon.json file:

    • On Linux hosts, the daemon.json file is located at /etc/docker.

    • If the file doesn't exist, create it:

      nano /etc/docker/daemon.json

  2. Add the following configuration:

    {
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "1m",1
    "max-file": "3"2
  }
}

    1

    max-size: Limits the size of each Docker log file (e.g., 1m = 1MB).

    2

    max-file: Specifies the maximum number of log files to retain (e.g., 3).

  3. Restart Docker for the changes to take effect:

    systemctl restart docker

  4. Verify the configuration for the log rotation:

    docker inspect --format '{{ json .HostConfig.LogConfig }}' openvpn-as

    • Expected output:

      root@Docker:~# docker inspect --format '{{ json .HostConfig.LogConfig }}' openvpn-as
{"Type":"json-file","Config":{"max-file":"3","max-size":"1m"}}

Option 2: Configuring log driver via Docker container logs

  1. Use the docker run command to set the appropriate values for the log-driver and log-opt keys when creating the Access Server Docker container or updating an existing container:

    1. If you're creating the Docker container the first time, run these commands:

      docker run -d \
  --name=openvpn-as --device /dev/net/tun \
  --cap-add=MKNOD --cap-add=NET_ADMIN \
  -p 943:943 -p 443:443 -p 1194:1194/udp \
  -v <path to data>:/openvpn \1
  --log-driver json-file \
  --log-opt max-size=1m \
  --log-opt max-file=3 \
  --restart=unless-stopped \
openvpn/openvpn-as

      1

      Replace <path to data> with the directory for configuration files.

    2. If you've already created the Access Server in Docker CE, you can remove the container and rerun the docker run commands:

      • Stop the existing container:

        docker stop openvpn-as

      • Remove the container:

        docker rm openvpn-as

        Note

        Configuration files will remain intact in the persistent volume (-v <path to data>:/openvpn).

      • Recreate the container with logging options:

        docker run -d \
  --name=openvpn-as --device /dev/net/tun \
  --cap-add=MKNOD --cap-add=NET_ADMIN \
  -p 943:943 -p 443:443 -p 1194:1194/udp \
  -v <path to data>:/openvpn \1
  --log-driver json-file \
  --log-opt max-size=1m \
  --log-opt max-file=3 \
  --restart=unless-stopped \
openvpn/openvpn-as

        1

        Replace <path to data> with the directory for configuration files.

  2. Verify the configuration for the log rotation:

    docker inspect --format '{{ json .HostConfig.LogConfig }}' openvpn-as

    • Expected output:

      root@Docker:~# docker inspect --format '{{ json .HostConfig.LogConfig }}' openvpn-as
{"Type":"json-file","Config":{"max-file":"3","max-size":"1m"}}
In this section: