Re: Nginx log rotation
On Thu, Dec 27, 2012 at 02:22:46AM +0100, Paolo Aglialoro wrote: Thank you, here is the diff for newsyslog.conf: 1c1 # $OpenBSD: newsyslog.conf,v 1.29 2011/04/14 20:32:34 sthen Exp $ --- # $OpenBSD: newsyslog.conf,v 1.30 2012/12/27 02:16:14 sthen Exp $ 17a18,19 #/var/www/logs/access.log 644 7 *24ZB kill -s USR1 `cat /var/run/nginx.pid` #/var/www/logs/error.log 644 7 *24ZB kill -s USR1 `cat /var/run/nginx.pid` Remove B. And the last part should be: /var/run/nginx.pid SIGUSR1 e.g. /var/www/logs/access.log644 7 *24Z /var/run/nginx.pid SIGUSR1 On Wed, Dec 26, 2012 at 11:49 PM, Antoine Jacoutot ajacou...@bsdfrog.orgwrote: On Wed, Dec 26, 2012 at 11:02:56PM +0100, Paolo Aglialoro wrote: Hi misc! Considering that with 5.2 nginx is going to be (already is?) the official http server (I'm using it with joy, I like its minimalistic approach), is there some officially recommended way to rotate the logs in /var/www/logs/ which are getting bigger and bigger? Just use newsyslog(8) and send SIGUSR1 to /var/run/nginx.pid. Btw, as apache is still present in faq, is any man nginx.conf / faq entry planned or the only nginx.org is THE doc resource? Thanks -- Antoine -- Antoine
Nginx log rotation
Hi misc! Considering that with 5.2 nginx is going to be (already is?) the official http server (I'm using it with joy, I like its minimalistic approach), is there some officially recommended way to rotate the logs in /var/www/logs/ which are getting bigger and bigger? Btw, as apache is still present in faq, is any man nginx.conf / faq entry planned or the only nginx.org is THE doc resource? Thanks
Re: Nginx log rotation
On Wed, Dec 26, 2012 at 11:02:56PM +0100, Paolo Aglialoro wrote: Hi misc! Considering that with 5.2 nginx is going to be (already is?) the official http server (I'm using it with joy, I like its minimalistic approach), is there some officially recommended way to rotate the logs in /var/www/logs/ which are getting bigger and bigger? Just use newsyslog(8) and send SIGUSR1 to /var/run/nginx.pid. Btw, as apache is still present in faq, is any man nginx.conf / faq entry planned or the only nginx.org is THE doc resource? Thanks -- Antoine
Re: Nginx log rotation
On 12/26/12 17:02, Paolo Aglialoro wrote: ... Btw, as apache is still present in faq, is any man nginx.conf / faq entry planned or the only nginx.org is THE doc resource? Thanks The reason for FAQ entries about things like Apache/httpd being chrooted is that it isn't standard in the main Apache distribution (STILL...but that's another rant), and creates an unexpected surprise for OpenBSD users. So, we document it. An alert about the nginx default chrooting would definitely be in order. Other things? Not sure. I just lit up nginx on one of my systems to replace the apache-derived httpd, and it was pretty darned simple, so we'll have to see if OpenBSD-specific Questions end up being Frequently Asked...but I have no desire for OpenBSD.org to become a primary source of information about generic nginx usage. Nick.
Re: Nginx log rotation
Thank you, here is the diff for newsyslog.conf: 1c1 # $OpenBSD: newsyslog.conf,v 1.29 2011/04/14 20:32:34 sthen Exp $ --- # $OpenBSD: newsyslog.conf,v 1.30 2012/12/27 02:16:14 sthen Exp $ 17a18,19 #/var/www/logs/access.log 644 7 *24ZB kill -s USR1 `cat /var/run/nginx.pid` #/var/www/logs/error.log 644 7 *24ZB kill -s USR1 `cat /var/run/nginx.pid` On Wed, Dec 26, 2012 at 11:49 PM, Antoine Jacoutot ajacou...@bsdfrog.orgwrote: On Wed, Dec 26, 2012 at 11:02:56PM +0100, Paolo Aglialoro wrote: Hi misc! Considering that with 5.2 nginx is going to be (already is?) the official http server (I'm using it with joy, I like its minimalistic approach), is there some officially recommended way to rotate the logs in /var/www/logs/ which are getting bigger and bigger? Just use newsyslog(8) and send SIGUSR1 to /var/run/nginx.pid. Btw, as apache is still present in faq, is any man nginx.conf / faq entry planned or the only nginx.org is THE doc resource? Thanks -- Antoine
Re: Nginx log rotation
2012/12/27 Paolo Aglialoro paol...@gmail.com: #/var/www/logs/access.log 644 7 *24ZB kill -s USR1 `cat /var/run/nginx.pid` #/var/www/logs/error.log 644 7 *24ZB kill -s USR1 `cat /var/run/nginx.pid` Why B flag and global read permissions? -- Michał Markowski
Re: Nginx log rotation
B flag to avoid newsyslog manipulating contents of log files, like it happens for pflog 644 was just for being comfortable (it comes from a 1 user system), it may of course be changed to be stricter On Thu, Dec 27, 2012 at 2:35 AM, MichaÅ Markowski markows...@gmail.comwrote: 2012/12/27 Paolo Aglialoro paol...@gmail.com: #/var/www/logs/access.log 644 7 *24ZB kill -s USR1 `cat /var/run/nginx.pid` #/var/www/logs/error.log 644 7 *24ZB kill -s USR1 `cat /var/run/nginx.pid` Why B flag and global read permissions? -- MichaÅ Markowski
Re: Nginx log rotation
2012/12/27 Paolo Aglialoro paol...@gmail.com: B flag to avoid newsyslog manipulating contents of log files, like it happens for pflog Yep, but /var/log/pflog is binary, contrary to nginx logs. 644 was just for being comfortable (it comes from a 1 user system), it may of course be changed to be stricter So you are probably in wheel group already and 640 should be comfortable enough. :) -- Michał Markowski
ntp log rotation
Hi list, is there any way to use newsyslog with ntpd (not the OpenBSD one) without having to restart it? Just rotating the log causes subsequent log messages to be lost and killing ntpd with SIGHUP causes it to exit. I've had a look at the manpages and on the interwebs, but didn't find anything. Thanks, Lars
Re: ntp log rotation
It takes either a masochist to run original NTPD, or you are being tortured.
Re: ntp log rotation
NTPD does its own rotating if you tell it to. See e.g. http://www.eecis.udel.edu/~mills/ntp/html/monopt.html Cheers, Andreas 2010/1/3 Lars Kotthoff li...@larsko.org: Hi list, is there any way to use newsyslog with ntpd (not the OpenBSD one) without having to restart it? Just rotating the log causes subsequent log messages to be lost and killing ntpd with SIGHUP causes it to exit. I've had a look at the manpages and on the interwebs, but didn't find anything. Thanks, Lars -- Andreas Kahari Somewhere in the general Cambridge area, UK
log rotation
Hi Folks, I use syslog-ng, for which newsyslog seemed to have a few shortcomings. Also, I didn't like the way newsyslog processes each file to be rotated individually, sending a signal to syslogd each time, instead of doing all the rotations, and then sending a single signal. yeah, I read that syslogd doesn't care, and the method doesn't present any significant load on the system or syslogd. I guess I'm a pedant. Anyhow, I wrote a perl script to batch all the rotations. It isn't nearly as clever as newsyslog (rotation based on size, etc). It simply rotates when called. For anyone who's interested, the script can be found at: http://www.unix-wissen.de/OpenBSD/rotate-logs.pl cheers, Rob Urban
log rotation
Hello I'm wondering how to implement log rotation with chrooted apache. Anyone solved this problem ? Thanks Bambero
Re: log rotation
On Tue, May 15, 2007 at 07:10:28PM +0200, Bambero wrote: Hello I'm wondering how to implement log rotation with chrooted apache. Anyone solved this problem ? Thanks Bambero same as with any other log..? (newsyslog(8) cron(8)) cheers, -- Przemyslaw Nowaczyk [EMAIL PROTECTED] CS student @ Poznan University of Technology http://www.student.put.poznan.pl/~przemyslaw.nowaczyk/
Re: log rotation
On Tue, May 15, 2007 at 08:21:24PM +0200, Przemyslaw Nowaczyk wrote: On Tue, May 15, 2007 at 07:10:28PM +0200, Bambero wrote: Hello I'm wondering how to implement log rotation with chrooted apache. Anyone solved this problem ? Thanks Bambero same as with any other log..? (newsyslog(8) cron(8)) cheers, The problem there is that sending a SIGHUP won't work as expected, and neither will apachectl restart If you don't mind a second or two of down time then you can use something like this in newsyslog.conf as a restart command: apachectl stop;sleep 1;apachctl start;sleep 10;apachectl start The first sleep gives apache a second to finish active requests before trying to start again. The second sleep and start is to catch the case where the first start fails because apache is still running. This is far from perfect, but works is you're just serving pages (as opposed to large, long-lived downloads). Other, better solutions involve piping logs to chronolog or something similar. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: log rotation
If you don't mind a second or two of down time then you can use something like this in newsyslog.conf as a restart command: apachectl stop;sleep 1;apachctl start;sleep 10;apachectl start The first sleep gives apache a second to finish active requests before trying to start again. The second sleep and start is to catch the case where the first start fails because apache is still running. I have a script which does the following: + rotates logs + calls apachectl stop (twice, with sleep 2 after each call) + calls apachectl stop and greps the output to make sure it is stopped (looks for 'not running') + if I don't find not running, pages me + run apachectl startssl This is all in a wrapper script which then calls awstats after a successful rotate and restart. Works for us. JohnM -- john mendenhall [EMAIL PROTECTED] surf utopia internet services
Re: log rotation
Cronolog...no restart needed. -- ~Allie D. On Tue, May 15, 2007 12:11, John Mendenhall wrote: If you don't mind a second or two of down time then you can use something like this in newsyslog.conf as a restart command: apachectl stop;sleep 1;apachctl start;sleep 10;apachectl start The first sleep gives apache a second to finish active requests before trying to start again. The second sleep and start is to catch the case where the first start fails because apache is still running. I have a script which does the following: + rotates logs + calls apachectl stop (twice, with sleep 2 after each call) + calls apachectl stop and greps the output to make sure it is stopped (looks for 'not running') + if I don't find not running, pages me + run apachectl startssl This is all in a wrapper script which then calls awstats after a successful rotate and restart. Works for us. JohnM -- john mendenhall [EMAIL PROTECTED] surf utopia internet services
Re: log rotation
It's hosting server so restarting apache is bad idea. On 5/15/07, John Mendenhall [EMAIL PROTECTED] wrote: If you don't mind a second or two of down time then you can use something like this in newsyslog.conf as a restart command: apachectl stop;sleep 1;apachctl start;sleep 10;apachectl start The first sleep gives apache a second to finish active requests before trying to start again. The second sleep and start is to catch the case where the first start fails because apache is still running. I have a script which does the following: + rotates logs + calls apachectl stop (twice, with sleep 2 after each call) + calls apachectl stop and greps the output to make sure it is stopped (looks for 'not running') + if I don't find not running, pages me + run apachectl startssl This is all in a wrapper script which then calls awstats after a successful rotate and restart. Works for us. JohnM -- john mendenhall [EMAIL PROTECTED] surf utopia internet services
Re: log rotation
But it dont' want to work in chroot. On 5/15/07, Allie D. [EMAIL PROTECTED] wrote: Cronolog...no restart needed. -- ~Allie D. On Tue, May 15, 2007 12:11, John Mendenhall wrote: If you don't mind a second or two of down time then you can use something like this in newsyslog.conf as a restart command: apachectl stop;sleep 1;apachctl start;sleep 10;apachectl start The first sleep gives apache a second to finish active requests before trying to start again. The second sleep and start is to catch the case where the first start fails because apache is still running. I have a script which does the following: + rotates logs + calls apachectl stop (twice, with sleep 2 after each call) + calls apachectl stop and greps the output to make sure it is stopped (looks for 'not running') + if I don't find not running, pages me + run apachectl startssl This is all in a wrapper script which then calls awstats after a successful rotate and restart. Works for us. JohnM -- john mendenhall [EMAIL PROTECTED] surf utopia internet services
Re: log rotation
I've always rotated my logs without ever starting apache. I just do something like this. cp access_log $date_access_log echo access_log gzip $date_access_log It's possible to lose a line or 2 of logging, but if that's ok, this is what I've done. Robert Zajda wrote: It's hosting server so restarting apache is bad idea. On 5/15/07, John Mendenhall [EMAIL PROTECTED] wrote: If you don't mind a second or two of down time then you can use something like this in newsyslog.conf as a restart command: apachectl stop;sleep 1;apachctl start;sleep 10;apachectl start The first sleep gives apache a second to finish active requests before trying to start again. The second sleep and start is to catch the case where the first start fails because apache is still running. I have a script which does the following: + rotates logs + calls apachectl stop (twice, with sleep 2 after each call) + calls apachectl stop and greps the output to make sure it is stopped (looks for 'not running') + if I don't find not running, pages me + run apachectl startssl This is all in a wrapper script which then calls awstats after a successful rotate and restart. Works for us. JohnM -- john mendenhall [EMAIL PROTECTED] surf utopia internet services -- Alex Thurlow Technical Director Blastro Networks email: [EMAIL PROTECTED] office: 512-485-3148 mobile: 512-762-5814
Re: log rotation
I run it on a chrooted server...works fine. ErrorLog |/usr/local/sbin/cronolog /var/www/logs/%Y/%m/%d/error.log CustomLog |/usr/local/sbin/cronolog /var/www/logs/%Y/%m/%d/access.log combined I don't think there's any more configuration than that. -- ~Allie D. On Tue, May 15, 2007 13:41, Robert Zajda wrote: But it dont' want to work in chroot. On 5/15/07, Allie D. [EMAIL PROTECTED] wrote: Cronolog...no restart needed. -- ~Allie D. On Tue, May 15, 2007 12:11, John Mendenhall wrote: If you don't mind a second or two of down time then you can use something like this in newsyslog.conf as a restart command: apachectl stop;sleep 1;apachctl start;sleep 10;apachectl start The first sleep gives apache a second to finish active requests before trying to start again. The second sleep and start is to catch the case where the first start fails because apache is still running. I have a script which does the following: + rotates logs + calls apachectl stop (twice, with sleep 2 after each call) + calls apachectl stop and greps the output to make sure it is stopped (looks for 'not running') + if I don't find not running, pages me + run apachectl startssl This is all in a wrapper script which then calls awstats after a successful rotate and restart. Works for us. JohnM -- john mendenhall [EMAIL PROTECTED] surf utopia internet services
Re: log rotation
On 15 May, 2007, at 10:41 PM, Robert Zajda wrote: But it dont' want to work in chroot. On 5/15/07, Allie D. [EMAIL PROTECTED] wrote: Cronolog...no restart needed. Actually it can, with a little patch [1] that I've ported to the ports system [2]; unpack the tar.gz in /usr/ports/www and install cronolog as usual. This patch adds --set-uid and --set-gid switches, witch make cronolog drop his privileges like apache do. [1] http://cronolog.org/patches/cronolog-setugid-patch.txt [2] http://spatof.org/obsd/cronolog-1.6.2-setuid.tar.gz Daniel K. -- Hi, I'm a .signature virus! Copy me to your .signature file and help me propagate, thanks!
newsyslogd.conf (please email me your file) the apache log rotation part
hi, Could someone send me his content of /etc/newsyslog.conf, the part contains the apache log rotation entries?! thx a lot didier
Re: Apache Log Rotation - FAQ 10.16
On Fri, Dec 09, 2005 at 01:45:51PM +0800, Uwe Dippel wrote: There are many posts on this problem; and the reason is understood. To me, the FAQ 10.16 seems wrong: Log Rotation: Normally, logs are rotated by renaming the old files, then sending httpd(8) a SIGUSR1 signal to cause Apache to close its old log files and open new ones. This is no longer possible, as httpd(8) has no ability to open log files for writing once privileges are dropped. httpd(8) must be stopped and restarted: # apachectl stop apachectl start This is all I get here: # apachectl stop /usr/sbin/apachectl stop: httpd stopped /usr/sbin/apachectl start: httpd (pid 18132) already running In the end, it doesn't restart; leaving the users out until I wait and restart httpd And the log isn't rotated neither. Chances are, the author meant something like # apachectl stop # [newsyslog or similar] # apachectl start If the text in the FAQ just kills httpd, it ought to be corrected, AFAICS. Could you please share your preferred methods to rotate the /var/www/logs/, ? I use $ sudo apachectl stop sleep 3 sudo apachectl startssl on the rare occassion where I do this. It's not the neatest I can think of, but it works. The '3' is pretty much arbitrary, and I've used anything from 1 to 5. Joachim
Re: Apache Log Rotation - FAQ 10.16
On 12/9/05, Uwe Dippel [EMAIL PROTECTED] wrote: # apachectl stop apachectl start This is all I get here: # apachectl stop /usr/sbin/apachectl stop: httpd stopped /usr/sbin/apachectl start: httpd (pid 18132) already running In the end, it doesn't restart; leaving the users out until I wait and restart httpd apachectl stop sleep 1 apachectl start --knitti
Re: Apache Log Rotation - FAQ 10.16
Uwe Dippel wrote: Could you please share your preferred methods to rotate the /var/www/logs/, ? I had the same problem, and solved it by using cronolog. This way you don't have to restart apache. From my httpd.conf: CustomLog |/usr/local/sbin/cronolog -l /var/www/logs/access-hanz.nl /var/www/logs/old/access-hanz.nl.%Y%m%d combined Hans
Re: Apache Log Rotation - FAQ 10.16
We're using the following in our newsyslog.conf file: (/usr/sbin/apachectl stop; (while `/usr/bin/pgrep httpd /dev/null 21`; do /bin/sleep 1; done); /usr/sbin/apachectl start) /dev/null 21 On Fri, Dec 09, 2005 at 01:45:51PM +0800, Uwe Dippel wrote: There are many posts on this problem; and the reason is understood. To me, the FAQ 10.16 seems wrong: Log Rotation: Normally, logs are rotated by renaming the old files, then sending httpd(8) a SIGUSR1 signal to cause Apache to close its old log files and open new ones. This is no longer possible, as httpd(8) has no ability to open log files for writing once privileges are dropped. httpd(8) must be stopped and restarted: # apachectl stop apachectl start This is all I get here: # apachectl stop /usr/sbin/apachectl stop: httpd stopped /usr/sbin/apachectl start: httpd (pid 18132) already running In the end, it doesn't restart; leaving the users out until I wait and restart httpd And the log isn't rotated neither. Chances are, the author meant something like # apachectl stop # [newsyslog or similar] # apachectl start If the text in the FAQ just kills httpd, it ought to be corrected, AFAICS. Could you please share your preferred methods to rotate the /var/www/logs/, ? Thanks, Uwe -- Egbert Krook System/Network Engineer Amarin Printing and Publishing Public Co., Ltd. And that's why we were unable to move the process forward.
Re: Apache Log Rotation - FAQ 10.16
On Fri, 09 Dec 2005 11:11:23 +0100 Hans van Leeuwen [EMAIL PROTECTED] wrote: Could you please share your preferred methods to rotate the /var/www/logs/, ? I had the same problem, and solved it by using cronolog. From my httpd.conf: CustomLog |/usr/local/sbin/cronolog -l /var/www/logs/access-hanz.nl /var/www/logs/old/access-hanz.nl.%Y%m%d combined But you are not using the default chrooted apache, are you ? -- Olivier Mehani [EMAIL PROTECTED] PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
Re: Apache Log Rotation - FAQ 10.16
Olivier Mehani wrote: On Fri, 09 Dec 2005 11:11:23 +0100 Hans van Leeuwen [EMAIL PROTECTED] wrote: Could you please share your preferred methods to rotate the /var/www/logs/, ? I had the same problem, and solved it by using cronolog. From my httpd.conf: CustomLog |/usr/local/sbin/cronolog -l /var/www/logs/access-hanz.nl /var/www/logs/old/access-hanz.nl.%Y%m%d combined But you are not using the default chrooted apache, are you ? Yes, I am. [EMAIL PROTECTED]:~] grep httpd /etc/rc.conf.local httpd_flags=-DSSL Hans
Re: Apache Log Rotation - FAQ 10.16
On Fri, 09 Dec 2005 13:12:14 +0100 Hans van Leeuwen [EMAIL PROTECTED] wrote: CustomLog |/usr/local/sbin/cronolog -l /var/www/logs/access-hanz.nl /var/www/logs/old/access-hanz.nl.%Y%m%d combined But you are not using the default chrooted apache, are you ? Yes, I am. [EMAIL PROTECTED]:~] grep httpd /etc/rc.conf.local httpd_flags=-DSSL Hum. I'm puzzled. Did you move some files and change permissions in the chroot then ? -- Olivier Mehani [EMAIL PROTECTED] PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
Re: Apache Log Rotation - FAQ 10.16
Olivier Mehani wrote: On Fri, 09 Dec 2005 13:12:14 +0100 Hans van Leeuwen [EMAIL PROTECTED] wrote: CustomLog |/usr/local/sbin/cronolog -l /var/www/logs/access-hanz.nl /var/www/logs/old/access-hanz.nl.%Y%m%d combined But you are not using the default chrooted apache, are you ? Yes, I am. [EMAIL PROTECTED]:~] grep httpd /etc/rc.conf.local httpd_flags=-DSSL Hum. I'm puzzled. Did you move some files and change permissions in the chroot then ? No. Please tell me what puzzles you... Hans
Re: Apache Log Rotation - FAQ 10.16
On Fri, 09 Dec 2005 13:33:30 +0100 Hans van Leeuwen [EMAIL PROTECTED] wrote: CustomLog |/usr/local/sbin/cronolog -l /var/www/logs/access-hanz.nl /var/www/logs/old/access-hanz.nl.% Y%m%d combined But you are not using the default chrooted apache, are you ? Yes, I am. [EMAIL PROTECTED]:~] grep httpd /etc/rc.conf.local httpd_flags=-DSSL Hum. I'm puzzled. Did you move some files and change permissions in the chroot then ? No. Please tell me what puzzles you... Well, As far as I understand, when chrooted, apache... 1. starts as root 2. open the log files (in this case the pipe) 3. chroots 4. drops privileges to user www Hum... Now that I've written this down, I see no reason why it shouldn't work. This scheme will obviously not survive a apachectl restart because of apache now being chrooted and not having any access to /usr/local/sbin/cronolog to reopen the pipe, but this is not a big problem. The problem is that I remember having dug up this problem a little, and all the solutions using cronolog were said to have problems when booting. I think I will actually give this solution a real try right now (;. (Hans: sorry for the unfinished mail I just sent you) -- Olivier Mehani [EMAIL PROTECTED] PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
Re: Apache Log Rotation - FAQ 10.16
Uwe Dippel wrote: Could you please share your preferred methods to rotate the /var/www/logs/, ? Not the best way I am sure, but for 7 years now on servers that run multiple virtual sites, all of them with their own logs and a few of them getting a few millions hits a day, I simply use cp access access.processing echo -n access And then process my access.processing as I see fit, archive them in a compress form after the fact, etc. All done from a cronjob that obviously process each different log files and yes may be I am loose one entry in the log files between the cp and empty of it, but it works for me very well. The reason is that I simply couldn't shutdown the server as there was way to much traffic and when php and mysql is configure on it with some perl scripts for some stats, simply doing a restarts wasn't good, but a stop was needed and wait for a second or two at time was needed before doing the restart, or it wasn't working. So, your mileage may vary and I will sure not say it's the best or proper way to do so, but it work and yes I am sure many will provide plenty of argument against it, many of witch may well be strong arguments, but it works for me in the end. Is that really bad, I never really asked if that was so bad doing so. So, I can't say. May be that would be the time to asked as well, but yes the results of it is that I may loose a few records in the process. Will that kill the validity of the stats, I don't think so, but you may see it differently. Way to many manager argue as to what the stats mean in the first place to even start to understand what difference it may mean to have a few missing from it. (: Daniel Daniel
Apache Log Rotation - FAQ 10.16
There are many posts on this problem; and the reason is understood. To me, the FAQ 10.16 seems wrong: Log Rotation: Normally, logs are rotated by renaming the old files, then sending httpd(8) a SIGUSR1 signal to cause Apache to close its old log files and open new ones. This is no longer possible, as httpd(8) has no ability to open log files for writing once privileges are dropped. httpd(8) must be stopped and restarted: # apachectl stop apachectl start This is all I get here: # apachectl stop /usr/sbin/apachectl stop: httpd stopped /usr/sbin/apachectl start: httpd (pid 18132) already running In the end, it doesn't restart; leaving the users out until I wait and restart httpd And the log isn't rotated neither. Chances are, the author meant something like # apachectl stop # [newsyslog or similar] # apachectl start If the text in the FAQ just kills httpd, it ought to be corrected, AFAICS. Could you please share your preferred methods to rotate the /var/www/logs/, ? Thanks, Uwe