Prior to version 5 of the Server app, administrators needed to configure their own Apache log rotation, but with version 5, rotation is switched on by default. For many people, however, the default rotation settings will be more a hindrance than a help; here’s how to make them usable again.
If you’ve used the suggestions I made awhile back to implement Apache log rotation (“Improve OS X Server Performance via Newsyslog Automatic Log Rotation, Without Piping”), the first step in fixing up rotation after the Server 5 upgrade is to switch off that rotation by simply removing your custom log rotation configuration file from
/etc/newsyslog.d. Apple now includes its own rotation instructions here:
These will need to be modified. By default, the first few lines of that file look like this:
#logfilename [owner:group] mode count size when [flags] [/pid_file] [sig_num] /var/log/apache2/access_log root:wheel 640 10 20480 * J /var/run/server-httpd.pid 30 /var/log/apache2/error_log root:wheel 640 10 20480 * J /var/run/server-httpd.pid 30 /var/log/apache2/service_proxy_access.log root:wheel 640 10 20480 * J /var/run/service_proxy.pid 30 /var/log/apache2/service_proxy_error.log root:wheel 640 10 20480 * J /var/run/service_proxy.pid 30
Skimming through, we can immediately identify three problems:
- Permissions are very restrictive,
- log rotation occurs at a relatively low size, and
- logs are compressed.
It’s the restrictive permissions which will make it impossible to view the logs at all using the Console app when logged into the server as an ordinary user. There are several ways to fix the problem besides logging in as a user with elevated privileges. Many other logs use the more liberal
644, for example, rather than
640, and many which are owned by
root are group
admin rather than group
And the relatively low size threshold for log rotation could, on an even moderately busy server, result in retaining less than a full day’s worth of logs before the count of 10 is exceeded. This can be fixed either by adjusting the threshold itself to a higher number or — as I recommended in the earlier article — by employing a fixed schedule, such as rotating once per day.
Finally, the ‘J’ flag causes rotated logs to be compressed, but since Apache logs are buffered, using compression can result in data loss on a busy server. Dropping the ‘J’ and replacing it with a ‘B’, which will prevent the insertion of a rotation header at the start of the log file (which can confuse log viewing utilities), will kill two birds with one stone.
Combining all three of the above, keeping 14 days of logs rotated once per day, and applying the more liberal
644 permissions, results in something like this for the first few lines:
#logfilename [owner:group] mode count size when [flags] [/pid_file] [sig_num] /var/log/apache2/access_log root:wheel 644 14 * $D0 B /var/run/server-httpd.pid 30 /var/log/apache2/error_log root:wheel 644 14 * $D0 B /var/run/server-httpd.pid 30 /var/log/apache2/service_proxy_access.log root:wheel 644 14 * $D0 B /var/run/service_proxy.pid 30 /var/log/apache2/service_proxy_error.log root:wheel 644 14 * $D0 B /var/run/service_proxy.pid 30
These are just examples: appropriate choices about timing, size, the number of days of logs to keep, and the specific approach to making the logs easier to view will all depend on the details of a given server, its traffic levels, and how it is usually administered. There are also several other lines included in the log rotation configuration, specifically for the logs contained under
/var/log/apache2/services/; I’ve focused here just on those which are most pressing for running websites.
All material on this site is carefully reviewed, but its accuracy cannot be guaranteed, and some suggestions offered here might just be silly ideas. For best results, please do your own checking and verifying. This specific article was last reviewed or updated by Greg on .