httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glenn <>
Subject Re: [PATCH] better failure mode for >2gb logfiles
Date Fri, 23 May 2003 01:38:36 GMT
On Thu, May 22, 2003 at 11:18:53PM +0100, Joe Orton wrote:
> On Thu, May 22, 2003 at 01:46:26PM -0700, Ian Holsman wrote:
> > Joe Orton wrote:
> > >The failure mode when write()ing past the 2gb file size limit on 
> > >systems which have such a limit is that a SIGXFSZ is delivered; 
> > >SIGXFSZ has an equivalent disposition to SIGSEGV on POSIX systems,
> > >by default.
> > >
> > >This patch changes the failure mode so that the SIGXFSZ is ignored;  
> > >the LFS standard requires that the write() then fails with EFBIG, so
> > >this becomes equivalent to an out-of-disk-space condition: the log
> > >messages are then silently dropped on the floor, and you don't know
> > >about it, but the server keeps functioning normally otherwise.
> > 
> > -1 as default behavior
> > I'd rather have a machine go down then for it to stop logging.
> The current behaviour with prefork if the access_log passes 2gb is that
> the server continues handling requests, but in "MaxRequestsPerChild 1"
> mode, i.e. slowly and with very high load.  So I think this change is
> an improvement.
> > Silent failure is never a good thing.
> It does appear that mod_log_config ignores write() failures, but I'd
> say that issue is orthogonal to this change.

Joe, how about modifying your approach a bit:
Create a handler for SIGXFSZ that sends the _parent_ httpd a USR1 signal.
Upon startup or reconfiguration after a USR1/HUP, the master httpd could
check log file sizes (fstat() after opening the log) and could artificially
rotate a log file if was too large, and then could log a message to the
error log indicating that such was done (and the unique name to which the
oversized log was rotated).  If people like the concept, I'll put together
a patch.

IMHO, an even better approach would be to use piped logs and to have
the piped log program handle log rotation and other logging policy.
That's the unix way; a small program does one small job and does it
really well.

(The LAST thing I want done is to set such an uncommon signal to SIG_IGN
 because the ignored disposition is inherited by spawned children (i.e. CGI)
 unless explicitly reset.  Block the signal if you must (also inherited, but
 more efficiently reset with a single system call for lots of signals), but
 please try to avoid ignoring it.)


View raw message