WA access logs

OK! So after about 2 dozen emails back and forth with support I finally have a workable solution. Thanks to all who contributed.

 

Let me recap:

 

My goal was to be able to control my own access log rotation however I wanted to, without being locked into F5's defaults.

 

After applying the Hotfix-BIG-IP-9.4.3-HF2 which fixed the 'bug' with the wrong path, the WA access logs were now included in the hourly rotation schedule and configured to rotate at 10MB. This was not ideal in my setup so I pressed on for a better solution.

 

Turns out it was not that hard, just mainly my lack of understanding of how the WA manages the config files.

 

So here is the solution I came up with that I am happy with.

 

NOTE: This configuration is not offically sanctioned by F5 and may be wiped out by future upgrades. Use at your own risk.

 

 

1. Edit /usr/share/defaults/config/templates/warotate.tmpl and remove the /var/log/wa/access/*.log filespec.

 

 

2. Run: bigpipe logrotate wa include \"blah\" (this is a hack to get it to regenerate the wa conf files)

 

 

3. Regenerate the configs with: bigpipe save all

 

 

4. Create a standard logrotate conf file here: /var/run/config/logrotate.d/wa_access with your custom settings. Here is mine:

 

 

 

/var/log/wa/access/*.log {

 

compress

 

ifempty

 

rotate 7

 

daily

 

olddir /var/log/wa/access/archive

 

sharedscripts

 

postrotate

 

/bin/kill -HUP `/sbin/pidof -s pvac 2> /dev/null` 2> /dev/null || true

 

cd /var/log/wa/access/archive;for i in `ls -1 *.1.gz`;do /usr/bin/scp $i user@host:/destdir/`date -r $i +%Y%m%d`-$i;done

 

endscript

 

}

 

 

 

 

 

5. You need to mkdir /var/log/wa/access/archive

 

 

6. Check your config by running: logrotate -d /etc/logrotate.conf

 

 

Note: Because I opted for a daily rotation in this case, the default logrotate script that gets called in /etc/cron.daily will pick up the wa_access file from /var/run/config/logrotate.d. If you wanted to run hourly rotation, you'd be better off following the method in SOL8320 and adding it to the wa include section.

 

 

I just put together this configuration today and haven't yet let it run on it's own, but it looks good on the debug check. I will come back and modify the post if it needs any tweaks. The only thing I am not sure about is whether or not I will leave it in cron.daily, since this gets run at 04:02. Because I'm anal, I might change it to run in a seperate crontab at midnight or just change the time in /etc/crontab.