Question httpsd_access_log keeps growing, logrotate doesn't include it

[TomBoB]

Hi all,

been watching the /var/log/plesk/httpsd_access_log file grow and grow. Is now on ~500MB

I'll now add this file to the logrotate myself, but wanted to know if others observe the same?
Last time it got rotated was the day we upgraded from Onyx to Obsidian. Checked on two servers, both show identical behavior.

Cheers,
Tom

include /usr/local/psa/etc/logrotate.d

/var/log/plesk/xferlog.processed {
    missingok
    rotate 3
    size    10M
    compress
    nocreate
}

/var/log/maillog.processed {
    missingok
    rotate 30
    size    10M
    compress
    nocreate
}

/usr/local/psa/var/log/psi.log {
    missingok
    daily
    rotate 3
    size    10M
    compress
    nocreate
}

/var/log/plesk/*_log.processed {
    weekly
    rotate  12
    missingok
    notifempty
    copytruncate
    compress
}

/usr/local/psa/var/webalizer.cache {
    missingok
    rotate  0
    size    512M
    nocreate
}

/var/log/plesk/*.log {
    missingok
    daily
    rotate 3
    size    10M
    compress
    copytruncate
}

/var/log/plesk/install/*.log {
    missingok
    rotate 3
    size    10M
    compress
}

is the logrotate.conf as found on the server

 

[learning_curve]

@TomBoB We did see this a short while ago, so having error checked first, we deleted it as it was 400MB plus. We have also added the file temporarily to the logrotate.conf file as you've suggested but are wondering IF the only reason it's NOT covered by this existing section of the file;

/var/log/plesk/*.log {
    missingok
    daily
    rotate 3
    size    10M
    compress
    copytruncate
}

Is because... the file has ended up having a _log and NOT a .log suffix in Obsidian? Just a QA check mini-bug perhaps?

 

[omexlu]

Maybe @IgorG need to report that "bug"

 

[Bitpalast]

I can confirm this on a test machine with a clean Obsidian installation.

However, on another reference Onyx machine, the same configuration in logrotate configuration files seems to rotate the file correctly. And there is no logrotate configuration for *_log in Onyx either. The only file in logrotation that contains an encrypted httpsd is plesk.pp, whatever that is. So I also think that this must be a bug and that the file does not seem to be rotated by logrotate but by a proprietary Plesk function.

 

[Bitpalast]

Reported in
httpsd_access_log keeps growing, logrotate doesn't include it

 

[learning_curve]

Update: Adding /var/log/plesk/httpsd_access_log into the logrotate.conf file made no difference @TomBoB Our earlier, initial guess about the incorrect suffix perhaps being the cause was wrong There's still no log rotation process being carried out on this file and it continues to grow, daily

It looks like @Peter Debik aka Sherlock Holmes, 221B Plesk Street has yet again, figured it out correctly i.e. The bug is present in Obsidian only and is located elsewhere from the logrotate.conf file / process. It's been confirmed by Plesk and submitted as PPPM-11236 now after the bug was submitted (see post above).

 

[TomBoB]

As stated in the first post we added it ourselves to the log rotation. Pretty much the same as what Plesk eventually posted as a resolution.

But while we're at it, (it now rotates), the log is being swamped with entries from the grafana monitoring.

127.0.0.1 - - [04/Jan/2020:12:39:36 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 130 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:39:38 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 120 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:39:41 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 127 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:39:47 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 137 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:39:52 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 126 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:39:52 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 110 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:40:03 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 127 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:40:03 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 132 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:40:04 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 130 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:40:05 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 133 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:40:14 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 126 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:40:14 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 120 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:40:17 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 137 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:40:18 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 110 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:40:33 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 132 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:40:35 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 133 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:40:36 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 127 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:40:36 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 126 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'
127.0.0.1 - - [04/Jan/2020:12:40:39 +0100] "POST /modules/monitoring/public/index.php/AuthCode/query HTTP/1.1" 200 130 "-" "Go-http-client/1.1" "-"'/modules/monitoring/public/index.php/AuthCode/query' '' '/usr/local/psa/admin/htdocs'

No debugging is turned on that I'm aware of / nothing in our internal server config logs about it either.
While fixing the above issue properly, maybe Plesk can stop posting those entries to the log. It's quite irritating to find real entries inbetween all the above.

Chee