Environment
ZENworks Configuration Management 2020
ZENworks Configuration Management 2020 Update 1
Situation
On ZENworks 2020 and ZENworks 2020 Update 1 Appliances logrotate is not working for the following log files:
- /var/log/warn
- /var/log/messages
- /var/log/allmessages
- /var/log/localmessages
- /var/log/firewall
- /var/log/acpid
- /var/log/NetworkManager
- /var/log/mail
- /var/log/mail.info
- /var/log/mail.warn
- /var/log/mail.err
- /var/log/news/news.crit
- /var/log/news/news.err
- /var/log/news/news.notice
Most of above files remain empty or small in size, however, /var/log/messages and /var/log/firewall can grow considerably.
Over time this could potentially result into the OS disk running out of space.
Resolution
For ZENworks 2020 update 1 a patch has been released "Patch 756951 Consolidated FTF for OCTCR40D122012,OCTCR40D101082 and OCTCR40D107026" that can be found at this link: https://kmviewer.saas.microfocus.com/#/756951
For 2020 workaround:
A quick work around is to change ownership of the folder /var/log/news to user and group root using the following command:
chown root:root /var/log/news
Logrotate will now work again and at midnight it will rollover and compress the above files.
Another workaround is to modify the logrotate configuration.
Edit the file /etc/logrotate.d/syslog using this command:
vi /etc/logrotate.d/syslog
Modify the uncommented section so it matches as shown below, this way the news logrotate handling is split up and will prevent the issue from happening.
=====/etc/logrotate.d/syslog snip=====
/var/log/warn /var/log/messages /var/log/allmessages /var/log/localmessages
/var/log/firewall /var/log/acpid /var/log/NetworkManager
/var/log/mail /var/log/mail.info /var/log/mail.warn /var/log/mail.err
{
compress
dateext
maxage 365
rotate 99
missingok
notifempty
size +4096k
create 640 root root
sharedscripts
postrotate
/usr/bin/systemctl reload syslog.service > /dev/null
endscript
}
/var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice
{
su news news
compress
dateext
maxage 365
rotate 99
missingok
notifempty
size +4096k
create 640 root root
sharedscripts
postrotate
/usr/bin/systemctl reload syslog.service > /dev/null
endscript
}
==============================
Save above changes and logrotate will work when it's automatically executed at midnight.
Cause
The ZENworks permissions.sh script runs at every general refresh of the ZENworks agent on a primary server.
This permissions.sh script, located in /opt/novell/zenworks/bin/, sets file permissions for all ZENworks related files.
On the Appliance there is a softlink called OS, located in /var/opt/novell/log/, and this points to /var/log/
The permissions.sh script sets the rights on /var/opt/novell/log/ and follows the OS symlink, ending up setting rights on all files and directories under /var/log/
Because of that the rights on /var/log/news are too high when logrotate runs and reports the following error in /var/log/messages:
error: skipping "/var/log/news/news.crit" because parent directory has insecure permissions (It's world writable or writable by group which is not "root")
Since /var/log/news is configured in the same logrotate configuration file it ends up skipping other log files like /var/log/messages