Logrotate fails for /var/log/messages and keeps growing on ZENworks 2020 appliance

  • 7024965
  • 17-Dec-2020
  • 25-Feb-2021

Environment


ZENworks Configuration Management 2020

ZENworks Configuration Management 2020 Update 1

Situation

On ZENworks 2020 and ZENworks 2020 Update 1 Appliances logrotate is not working for the following log files:

  • /var/log/warn
  • /var/log/messages
  • /var/log/allmessages
  • /var/log/localmessages
  • /var/log/firewall
  • /var/log/acpid
  • /var/log/NetworkManager
  • /var/log/mail
  • /var/log/mail.info
  • /var/log/mail.warn
  • /var/log/mail.err
  • /var/log/news/news.crit
  • /var/log/news/news.err
  • /var/log/news/news.notice

Most of above files remain empty or small in size, however, /var/log/messages and /var/log/firewall can grow considerably.

Over time this could potentially result into the OS disk running out of space. 

Resolution

For ZENworks 2020 update 1 a patch has been released "Patch 756951 Consolidated FTF for OCTCR40D122012,OCTCR40D101082 and OCTCR40D107026" that can be found at this link:  https://kmviewer.saas.microfocus.com/#/756951

For 2020 workaround:

A quick work around is to change ownership of the folder /var/log/news to user and group root using the following command:

chown root:root /var/log/news

Logrotate will now work again and at midnight it will rollover and compress the above files.

Another workaround is to modify the logrotate configuration.
Edit the file /etc/logrotate.d/syslog using this command:

vi /etc/logrotate.d/syslog

Modify the uncommented section so it matches as shown below, this way the news logrotate handling is split up and will prevent the issue from happening.

=====/etc/logrotate.d/syslog snip=====

/var/log/warn /var/log/messages /var/log/allmessages /var/log/localmessages
/var/log/firewall /var/log/acpid /var/log/NetworkManager
/var/log/mail /var/log/mail.info /var/log/mail.warn /var/log/mail.err
{
    compress
    dateext
    maxage 365
    rotate 99
    missingok
    notifempty
    size +4096k
    create 640 root root
    sharedscripts
    postrotate
        /usr/bin/systemctl reload syslog.service > /dev/null
    endscript
}
/var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice
{
    su news news
    compress
    dateext
    maxage 365
    rotate 99
    missingok
    notifempty
    size +4096k
    create 640 root root
    sharedscripts
    postrotate
        /usr/bin/systemctl reload syslog.service > /dev/null
    endscript
}

==============================


Save above changes and logrotate will work when it's automatically executed at midnight.

Cause

The ZENworks permissions.sh script runs at every general refresh of the ZENworks agent on a primary server.

This permissions.sh script, located in /opt/novell/zenworks/bin/, sets file permissions for all ZENworks related files.
On the Appliance there is a softlink called OS, located in /var/opt/novell/log/, and this points to /var/log/
The permissions.sh script sets the rights on /var/opt/novell/log/ and follows the OS symlink, ending up setting rights on all files and directories under /var/log/

Because of that the rights on /var/log/news are too high when logrotate runs and reports the following error in /var/log/messages:

error: skipping "/var/log/news/news.crit" because parent directory has insecure permissions (It's world writable or writable by group which is not "root")

Since /var/log/news is configured in the same logrotate configuration file it ends up skipping other log files like /var/log/messages

Status

Reported to Engineering

Feedback service temporarily unavailable. For content questions or problems, please contact Support.