Running TheHive 4.0.1-1 it appears that application.log is no longer rotated. #1746

pitrh · 2021-01-13T08:52:37Z

Running TheHive 4.0.1-1 it appears that application.log is no longer rotated.

No changes made to the supplied logback.xml

How do I enable and/or debug the issue?

Originally posted by @pitrh in #579 (comment)

mphbig · 2021-02-02T15:03:10Z

Hello, same issue here.

We implemented a workaround using rsyslog and logrotate.

/etc/thehive/logback.xml

<?xml version="1.0" encoding="UTF-8"?>
<configuration debug="false">
    <conversionRule conversionWord="coloredLevel"
        converterClass="play.api.libs.logback.ColoredLevel"/>

    <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
        <syslogHost>localhost</syslogHost>
        <facility>LOCAL4</facility>
        <throwableExcluded>true</throwableExcluded>
        <suffixPattern>[%level] from %logger in %thread [%X{request}|%X{tx}] %message%n%xException</suffixPattern>
    </appender>

    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>%coloredLevel %logger{15} [%X{request}|%X{tx}] %message%n%xException{10}</pattern>
        </encoder>
    </appender>

    <appender name="ASYNCSTDOUT" class="ch.qos.logback.classic.AsyncAppender">
        <appender-ref ref="STDOUT"/>
    </appender>

    <logger name="org.thp" level="INFO"/>

    <root level="INFO">
        <appender-ref ref="SYSLOG"/>
        <appender-ref ref="ASYNCSTDOUT"/>
    </root>

</configuration>

/etc/rsyslog.conf

$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514

/etc/rsyslog.d/40-thehive.conf

local4.*        -/var/log/thehive/application.log

/etc/logrotate.d/thehive

/var/log/thehive/application.log
{
        rotate 20
        daily
        maxsize 250M
        compress
        nodelaycompress
        missingok
        notifempty
        create 660 root thehive
        postrotate
                invoke-rc.d rsyslog rotate > /dev/null
        endscript
}

To-om · 2021-02-03T17:12:30Z

@pitrh which package do you use (deb, rpm, zip, ...) ? Can you check if logback configuration file is used by TheHive (with the parameter -Dlogger.file=/etc/thehive/logback.xml) ?

To-om · 2021-02-03T18:01:18Z

I found a typo in logback.xml file. This is probably why logs are not rotated.

pitrh · 2021-02-04T08:40:53Z

The package was the then-latest rpm --
$ sudo yum list installed | grep -i thehive
cortex.noarch 3.1.0-1 @TheHive-Project
thehive4.noarch 4.0.4-1 @TheHive-Project

Applying the changes indicated in the referenced commit followed by "sudo systemctl restart thehive" did get log rotation going.

Please see my comment on the commit, the local (untouched) logback-migration.xml differed from the "before" version referenced in the commit.

nadouani assigned To-om Jan 20, 2021

nadouani added TheHive4 TheHive4 related issues need:investigation labels Jan 20, 2021

nadouani added this to the 4.1.0 milestone Jan 20, 2021

To-om modified the milestones: 4.1.0, 4.0.5 Feb 3, 2021

To-om removed the need:investigation label Feb 3, 2021

To-om added a commit that referenced this issue Feb 3, 2021

#1746 Fix typo that prevent log rotation

8c096ef

To-om closed this as completed Feb 3, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Running TheHive 4.0.1-1 it appears that application.log is no longer rotated. #1746

Running TheHive 4.0.1-1 it appears that application.log is no longer rotated. #1746

pitrh commented Jan 13, 2021

mphbig commented Feb 2, 2021

To-om commented Feb 3, 2021

To-om commented Feb 3, 2021

pitrh commented Feb 4, 2021

Running TheHive 4.0.1-1 it appears that application.log is no longer rotated. #1746

Running TheHive 4.0.1-1 it appears that application.log is no longer rotated. #1746

Comments

pitrh commented Jan 13, 2021

mphbig commented Feb 2, 2021

To-om commented Feb 3, 2021

To-om commented Feb 3, 2021

pitrh commented Feb 4, 2021