C.3. IdM Domain Services and Log Rotation

Several IdM domain services use the system logrotate service to handle log rotation and compression:
  • named (DNS)
  • httpd (Apache)
  • tomcat
  • sssd
  • krb5kdc (the Kerberos domain controller)
The logrotate configuration files are stored in the /etc/logrotate.d/ directory.

Example C.1. Default httpd Log Rotation File at /etc/logrotate.d/httpd

/var/log/httpd/*log {
    postrotate
        /sbin/service httpd reload > /dev/null 2>/dev/null || true
    endscript
}

The logrotate policy files for most of the services create a new log file with the same name, default owner, and default permissions as the previous log. However, with the files for named and tomcat, a special create rule sets this behavior with explicit permissions as well as user and group ownership.
Do not change the permissions or the user and group which own the named and tomcat log files. The default permissions and ownership are required for both IdM operations and SELinux settings. Changing the ownership of the log rotation policy or of the files can cause the IdM domain services to fail.
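
One way to check that the create rules for named and tomcat have not been altered, as an added example that is not part of the Red Hat documentation: parse the logrotate policy text and compare each stanza's create rule against a baseline recorded from a known-good server. The function names, stanza paths, modes and owners below are constructed for illustration and are not the shipped defaults.

```python
import re

SCRIPT_KEYWORDS = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}

def parse_create_rules(text):
    """Map each stanza's log path(s) to its create rule as (mode, owner, group)."""
    rules, paths, in_script = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if in_script:                       # skip shell inside rotate scripts
            in_script = line != "endscript"
        elif not line or line.startswith("#"):
            continue
        elif line.endswith("{"):
            paths = line[:-1].strip()
            rules[paths] = None             # stanza seen, no create rule yet
        elif line == "}":
            paths = None
        elif line in SCRIPT_KEYWORDS:
            in_script = True
        elif paths and line.split()[0] == "create":
            args = line.split()[1:]         # create [mode] [owner group]
            mode = args.pop(0) if args and re.fullmatch(r"[0-7]{3,4}", args[0]) else None
            owner, group = (args + [None, None])[:2]
            rules[paths] = (mode, owner, group)
    return rules

def create_rule_drift(baseline_text, current_text):
    """Return one finding per stanza whose create rule differs from the baseline."""
    baseline, current = parse_create_rules(baseline_text), parse_create_rules(current_text)
    return [f"{p}: expected create {want}, found {current.get(p)}"
            for p, want in baseline.items() if current.get(p) != want]

# Constructed sample policies: paths, modes and owners are illustrative only.
KNOWN_GOOD = """\
/var/log/example-named/named.log {
    missingok
    create 0644 named named
    postrotate
        /sbin/service named reload > /dev/null 2>/dev/null || true
    endscript
}
/var/log/example-tomcat/catalina.log {
    create 0644 tomcat tomcat
}
"""
CHANGED = KNOWN_GOOD.replace("create 0644 tomcat tomcat", "create 0600 root root")

if __name__ == "__main__":
    for finding in create_rule_drift(KNOWN_GOOD, CHANGED):
        print(finding)
```

To use it on a server, pass the contents of the saved baseline copy and of the live policy file from /etc/logrotate.d/ as the two arguments.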

Additional Resources

  • The 389 Directory Server instances used by IdM as a back end and by the Dogtag Certificate System have their own internal log rotation policies. See Configuring Subsystem Logs in the Red Hat Directory Server 10 Administration Guide.
  • For details about other potential log rotation settings, such as compression settings or the size of the log files, see Log Rotation in the System Administrator's Guide or the logrotate(8) man page.