Log files consuming excess amount of storage space in VMware Cloud Director 10.5 and 10.6
search cancel

Log files consuming excess amount of storage space in VMware Cloud Director 10.5 and 10.6

book

Article ID: 328001

calendar_today

Updated On: 04-23-2025

Products

VMware Cloud Director

Issue/Introduction

Default /etc/logrotate.d/messages-and-auth configuration does not change /var/log/messages output file until to trigger /var/log/auth.log rotation.

This issue may cause to grow /var/log/messages-YYYYMMDD and exhaust "/" partition.

Environment

VMware Cloud Director 10.x

Cause

This default /etc/logrotate.d/messages-and-auth configuration could not restart rsyslogd.service when only /var/log/messages was rotated.

Default:
/etc/logrotate.d/messages-and-auth

/var/log/messages {
        minsize 10M
        daily
        rotate 10
        compress
        delaycompress
        notifempty
}

/var/log/auth.log {
        minsize 10M
        daily
        rotate 10
        compress
        delaycompress
        notifempty
        postrotate
                /usr/bin/systemctl restart rsyslog.service
        endscript
}
 

In VCD 10.6 and later, auth log output destination has changed from /var/log/auth.log to /var/log/messages.

As a result, /var/log/auth.log will be no longer rotated and more likely to run out "/" partition due to this issue.

Resolution

Engineering is aware of this issue and this will be resolved in the future release.

Workaround:

Edit /etc/logrotate.d/messages-and-auth file as follow:

Up to version 10.5.1.1

/var/log/messages {
        minsize 10M
        daily
        rotate 10
        compress
        delaycompress
        notifempty
        postrotate
                /usr/bin/systemctl restart rsyslog.service
        endscript
}

/var/log/auth.log {
        minsize 10M
        daily
        rotate 10
        compress
        delaycompress
        notifempty
        postrotate
                /usr/bin/systemctl restart rsyslog.service
        endscript
}

 

Version 10.6 and later

/var/log/messages {
        minsize 10M
        daily
        rotate 10
        compress
        delaycompress
        notifempty
        postrotate
                /usr/bin/systemctl restart rsyslog.service
        endscript
}

Note: Since VCD 10.6 and later, auth log output destination has changed from /var/log/auth.log to /var/log/messages. It no need to rotate /var/log/auth.log.

 

After these changes are made they are permanent and are not overwritten by software updates. There is no need to restart a process because log rotation is a cron job.

 

Additional Information

If above log rotation policy does not meet the requirements of the service provider file retention policy, make changes to the following parameters: 

minsize <size>

Log files are rotated when they grow larger than the specified size but not before the specified time interval.

 

rotate <number>

Indicates how many times to rotate before deleting a file.

Powered by Wolken Software