__biancatcatcat

dnsmasq + logrotate config, Debian 9 (stretch)

It's been a while since I got really into the weeds with my network setup. After not thinking about it for a while, I got an alert for disk usage.

So I come back to this:

53GB! of logs, whooops

Whoops. Oh yeah – this was when I was tinkering with dnsmasq to do some overly complex stuff to see if I can do it. I turned on super verbose logging for this gateway and then apparently didn't turn it off. Then forgot to rotate those logs.

This was not what I planned to deal with today, but since this is surprisingly the only service I have to manually configure logrotate for, I'm putting the config here for reference – mostly my own.

Running Debian right now and using a default installation of logrotate, I have the following in dnsmasq.conf:

# /etc/dnsmasq.conf
...
log-facility=/var/log/dnsmasq.log  
...

Assuming the global config for logrotate is in /etc/logrotate.conf, and it has a directive to include files in /etc/logrotate.d/, here's the config that I'm using now:

# /etc/logrotate.d/dnsmasq:

/var/log/dnsmasq.log {
  monthly
  missingok
  notifempty
  maxsize 5M
  rotate 14
  delaycompress
  create 0640 dnsmasq root
  sharedscripts
  # USR2 tells dnsmasq to close and reopen its log file; test and signal the same pid file
  postrotate
    [ ! -f /var/run/dnsmasq/dnsmasq.pid ] || kill -USR2 `cat /var/run/dnsmasq/dnsmasq.pid`
  endscript
}

💡 To debug a specific configuration (e.g. dnsmasq) in dry-run mode:

Note: Doing this will bypass any global configs in logrotate.conf

logrotate --debug /etc/logrotate.d/dnsmasq  

💡 To debug your general/default logrotate configuration in dry-run mode:

logrotate --debug /etc/logrotate.conf  

💡 To force logrotate to run, ignoring all configurations' criteria for rotation:

logrotate --verbose --force /etc/logrotate.conf  
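
The dry-run modes do not execute the postrotate script, so a postrotate line that tests one pid file and signals another goes unnoticed until the daemon keeps writing to the rotated file. The lint below is an added example, not part of the original post: it checks that postrotate names a single pid file and that the stanza has a size trigger and a rotate count. The function names and sample stanzas are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and sample stanzas are constructed.

# lint_logrotate FILE: print findings; return 0 if clean, 1 otherwise.
lint_logrotate() {
    conf=$1; status=0
    # logrotate hands the lines between postrotate and endscript to sh.
    script=$(sed -n '/^[[:space:]]*postrotate/,/^[[:space:]]*endscript/p' "$conf")
    # Distinct *.pid paths named in that script.
    pidfiles=$(printf '%s\n' "$script" | grep -o '/[^ `)"]*\.pid' | sort -u)
    count=$(printf '%s\n' "$pidfiles" | grep -c . || true)
    if [ "$count" -eq 0 ]; then
        echo "WARN: postrotate names no pid file; the daemon may keep writing to the rotated file"
        status=1
    elif [ "$count" -gt 1 ]; then
        # Testing one path and signalling another means the kill may never run.
        echo "FAIL: postrotate names different pid files:" $pidfiles
        status=1
    fi
    grep -Eq '^[[:space:]]*(size|maxsize)[[:space:]]' "$conf" ||
        { echo "WARN: no size/maxsize trigger"; status=1; }
    grep -Eq '^[[:space:]]*rotate[[:space:]]+[0-9]+' "$conf" ||
        { echo "WARN: no rotate count"; status=1; }
    return $status
}

# write_samples DIR: two constructed stanzas, differing only in the pid file test.
write_samples() {
    for name in bad good; do
        [ "$name" = bad ] && tested=/var/run/dnsmasq.pid || tested=/var/run/dnsmasq/dnsmasq.pid
        cat > "$1/$name" <<EOF
/var/log/dnsmasq.log {
  maxsize 5M
  rotate 14
  postrotate
    [ ! -f $tested ] || kill -USR2 \`cat /var/run/dnsmasq/dnsmasq.pid\`
  endscript
}
EOF
    done
}

dir=$(mktemp -d)
write_samples "$dir"
lint_logrotate "$dir/bad" || echo "bad: fix before deploying"
lint_logrotate "$dir/good" && echo "good: ok"
rm -rf "$dir"
```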

S'all for now!

Bonus update after 6 hours:

So I didn't actually delete that giant logfile because I love data and have a hard time letting go. Instead, I compressed the hell out of it and will probably never actually look at it. It took six hours, but tada... 🎉 a 95% reduction! Compression (xz) + one-off logs = ❤

[email protected]:/var/log# xz --verbose dnsmasq.log.1  
dnsmasq.log.1 (1/1)  
  100 %      2,636.8 MiB / 53.0 GiB = 0.049   2.5 MiB/s    5:56:53
xz: dnsmasq.log.1: File seems to have been moved, not removing  
[email protected]:/var/log# ls -lAth | grep dns  
-rw-r-x--- 1 dnsmasq  root     2.6G Sep 28 17:33 dnsmasq.log.1.xz
-rw-r-x--- 1 dnsmasq  root      53G Sep 28 17:33 dnsmasq.log.2

💡 Tip: The -h and -t in ls -lAth mean "human readable, sort by modified time".
