Community Articles

Apache Ranger uses an embedded Tomcat server to provide the Web UI functionality for administration of Ranger. A previous HCC article provided details on maintenance of the log files that are managed by the log4j configuration, including xa_portal.log, ranger_admin_perf.log, xa_portal_sql.log.

We're going to focus on maintenance of the access_log* logs that get automatically generated by Tomcat, but which are not managed by this log4j configuration. With embedded Tomcat, the configuration is contained within the code for the AccessLogValve (as you can see, it uses an hourly rotation pattern unless overridden by ranger.accesslog.dateformat).

We'll use the logrotate application in CentOS/RHEL to manage these access_log* logs as the number of files can grow large without rotation and removal in place. You can check to see how many of these files you have on your Ranger Admin node by running (there would be one access_log* file per hour for each day during which the service has ran continuously):

ls /var/log/ranger/admin | cut -d '.' -f 1 | uniq -c

Within /etc/logrotate.d, we'll create a configuration specific to these Ranger logs, as the configuration for logrotate, in /etc/logrotate.conf by default, will include these application-spcific configurations as well.

Create a new file (as root) ranger_access in /etc/logrotate.d in your favorite editor and then insert:

/var/log/ranger/admin/access_log* {
    daily
    copytruncate
    compress
    dateext
    rotate 5
    maxage 7
    olddir /var/log/ranger/admin/old
    missingok
}

This is just an example logrotate configuration. I'll make note of a couple items, please see the man page for details on each of these options and some additional examples.

• The copytruncate option ensures that Tomcat can keep writing to the same file handle (as opposed to writing to a newly-created file which requires recycling Tomcat)
• The compress option will use gzip by default
• Maxage limits how old the files are that will be kept
• Olddir indicates that logs are moved into the directory for rotation

Logrotate will be invoked daily as a cronjob by default, due to the existence of the logrotate file in /etc/cron.daily. You can run logrotate manually by specifying the configuration:

sudo /usr/sbin/logrotate /etc/logrotate.conf

Note that logrotate keeps the state of files in the /var/lib/logrotate.status, and it uses the date of last execution captured there as the reference of what to do with a logfile. You can also run logrotate with the -d flag to test your configuration (this won't actually do anything, it will just produce output regarding what would happen).

sudo /usr/sbin/logrotate -d /etc/logrotate.conf 2> /tmp/logrotate.debug

As a result of this configuration, only 5 days worth of logs are kept, they're kept in the ./old directory, and they're compressed. This ensures that the Ranger admin access_log* logs data does not grow unmanageably large.