diff --git a/source/includes/steps-log-rotate-rename.yaml b/source/includes/steps-log-rotate-rename.yaml index 3ef3505b847..e9d3378f4ab 100644 --- a/source/includes/steps-log-rotate-rename.yaml +++ b/source/includes/steps-log-rotate-rename.yaml @@ -30,7 +30,13 @@ pre: | action: language: sh code: | - db.adminCommand( { logRotate : 1 } ) + db.adminCommand( { logRotate : server } ) +post: | + If :doc:`auditing ` is enabled, you can specify ``1`` + to ``logRotate`` (instead of ``server``) to rotate both the server + and audit logs at the same time, if desired. The audit log will be + rotated in the same fashion as the server log, according to the + :option:`--logRotate ` setting. --- stepnum: 4 ref: list-new-logfiles diff --git a/source/reference/command/logRotate.txt b/source/reference/command/logRotate.txt index dc34f7ff357..8fce145b181 100644 --- a/source/reference/command/logRotate.txt +++ b/source/reference/command/logRotate.txt @@ -16,26 +16,44 @@ Definition .. dbcommand:: logRotate The :dbcommand:`logRotate` command is an administrative command that - allows you to rotate the MongoDB logs to prevent a single logfile - from consuming too much disk space. - - If :doc:`auditing ` is enabled, the - :dbcommand:`logRotate` command also rotates the audit log. + allows you to rotate the MongoDB server log and/or audit log to + prevent a single logfile from consuming too much disk space. You must issue the :dbcommand:`logRotate` command against the :term:`admin database` in the form: .. code-block:: javascript - { logRotate: 1 } - - :dbcommand:`logRotate` takes an optional ``comment`` parameter which - may be of any data type. - - .. note:: - - Your :binary:`~bin.mongod` instance needs to be running with the - :option:`--logpath [file] ` option. + db.adminCommand({logRotate: }) + + The :dbcommand:`logRotate` command takes the following parameters: + + .. list-table:: + :header-rows: 1 + :widths: 20 20 80 + + * - Parameter + + - Type + + - Description + + * - ```` + + - string + + - The log or logs to rotate, according to the following: + + - ``1`` -- Rotates both the server and audit logs + - ``server`` -- Rotates only the server log + - ``audit`` -- Rotates only the audit log + + * - ``comment`` + + - any + + - *optional* A message logged by the server to the log file and + audit file at time of log rotation. You may also rotate the logs by sending a ``SIGUSR1`` signal to the :binary:`~bin.mongod` process. @@ -48,16 +66,27 @@ Definition kill -SIGUSR1 2200 +Limitations +----------- + +- Your :binary:`~bin.mongod` instance needs to be running with the + :option:`--logpath [file] ` option in order to use + :dbcommand:`logRotate` + +- :doc:`Auditing ` must be enabled in order to rotate + the audit log. + Behavior -------- -The :setting:`systemLog.logRotate` setting or :option:`--logRotate ` option -specify :dbcommand:`logRotate`'s behavior. +The :setting:`systemLog.logRotate` setting or +:option:`--logRotate ` option specify +:dbcommand:`logRotate`'s behavior. -When :setting:`systemLog.logRotate` or :option:`--logRotate ` are set to -``rename``, :dbcommand:`logRotate` renames the existing log file by -appending the current timestamp to the filename. The appended timestamp -has the following form: +When :setting:`systemLog.logRotate` or :option:`--logRotate +` are set to ``rename``, :dbcommand:`logRotate` +renames the existing log file by appending the current timestamp to the +filename. The appended timestamp has the following form: .. code-block:: none @@ -67,11 +96,26 @@ Then :dbcommand:`logRotate` creates a new log file with the same name as originally specified by the :setting:`systemLog.path` setting to :binary:`~bin.mongod` or :binary:`~bin.mongos`. -When :setting:`systemLog.logRotate` or :option:`--logRotate ` are set to -``reopen``, :dbcommand:`logRotate` follows the typical Linux/Unix -behavior, and simply closes the log file, and then reopens a log file -with the same name. With ``reopen``, :binary:`~bin.mongod` expects that -another process renames the file prior to the rotation, and that the -reopen results in the creation of a new file. +When :setting:`systemLog.logRotate` or :option:`--logRotate +` are set to ``reopen``, :dbcommand:`logRotate` +follows the typical Linux/Unix behavior, and simply closes the log file +then reopens a log file with the same name. With ``reopen``, +:binary:`~bin.mongod` expects that another process renames the file +prior to the rotation, and that the reopen results in the creation of a +new file. + +Examples +-------- + +The following example rotates both the server log and the audit log: + +.. code-block:: javascript + + db.adminCommand({logRotate: 1}) + +The following example rotates only the audit log, and provides a custom +message to the log file at time of rotation: + +.. code-block:: javascript -.. :error:`16175` is thrown if logRotate fails + db.adminCommand({logRotate: audit, comment: "Rotating audit log"}) diff --git a/source/reference/configuration-options.txt b/source/reference/configuration-options.txt index bb4209b088d..61dd6033ea8 100644 --- a/source/reference/configuration-options.txt +++ b/source/reference/configuration-options.txt @@ -276,8 +276,9 @@ Core Options *Default*: rename - The behavior for the :dbcommand:`logRotate` command. - Specify either ``rename`` or ``reopen``: + Determines the behavior for the :dbcommand:`logRotate` command when + rotating the server log and/or the audit log. Specify either + ``rename`` or ``reopen``: - ``rename`` renames the log file. @@ -287,12 +288,6 @@ Core Options If you specify ``reopen``, you must also set :setting:`systemLog.logAppend` to ``true``. - If :doc:`auditing ` is enabled, the - :dbcommand:`logRotate` command also rotates the audit log according - to the above parameters. For example, if - :setting:`systemLog.logRotate` is set to ``rename``, the audit log - will also be renamed. - .. setting:: systemLog.destination diff --git a/source/reference/program/mongod.txt b/source/reference/program/mongod.txt index 56ea9ff0310..568b3866c71 100644 --- a/source/reference/program/mongod.txt +++ b/source/reference/program/mongod.txt @@ -431,8 +431,9 @@ Core Options *Default*: rename - Determines the behavior for the :dbcommand:`logRotate` command. - Specify either ``rename`` or ``reopen``: + Determines the behavior for the :dbcommand:`logRotate` command when + rotating the server log and/or the audit log. Specify either + ``rename`` or ``reopen``: - ``rename`` renames the log file. @@ -442,11 +443,6 @@ Core Options If you specify ``reopen``, you must also use :option:`--logappend`. - If :doc:`auditing ` is enabled, the - :dbcommand:`logRotate` command also rotates the audit log according - to the above parameters. For example, if :option:`--logRotate` is set - to ``rename``, the audit log will also be renamed. - .. option:: --timeStampFormat diff --git a/source/reference/program/mongos.txt b/source/reference/program/mongos.txt index 1b7fa91f603..de4cd79bc77 100644 --- a/source/reference/program/mongos.txt +++ b/source/reference/program/mongos.txt @@ -330,8 +330,9 @@ Core Options *Default*: rename - Determines the behavior for the :dbcommand:`logRotate` command. - Specify either ``rename`` or ``reopen``: + Determines the behavior for the :dbcommand:`logRotate` command when + rotating the server log and/or the audit log. Specify either + ``rename`` or ``reopen``: - ``rename`` renames the log file. @@ -341,10 +342,6 @@ Core Options If you specify ``reopen``, you must also use :option:`--logappend`. - If :doc:`auditing ` is enabled, the - :dbcommand:`logRotate` command also rotates the audit log according - to the above parameters. For example, if :option:`--logRotate` is set - to ``rename``, the audit log will also be renamed. .. option:: --redactClientLogData diff --git a/source/release-notes/5.0.txt b/source/release-notes/5.0.txt index 5b1596e6916..8d237298a49 100644 --- a/source/release-notes/5.0.txt +++ b/source/release-notes/5.0.txt @@ -405,6 +405,14 @@ Log Changes to Database Profiler Settings .. include:: /includes/log-changes-to-database-profiler.rst +Independent Log Rotation for Server and Audit Logs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Starting in MongoDB 5.0, when :doc:`auditing ` is +enabled, you may now rotate the server and audit logs +independently using the :dbcommand:`logRotate` command. +Previously, :dbcommand:`logRotate` would rotate the two logs together. + ``remote`` Field in Slow Operation Logs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/tutorial/configure-auditing.txt b/source/tutorial/configure-auditing.txt index 1848728a63f..7390770b9c8 100644 --- a/source/tutorial/configure-auditing.txt +++ b/source/tutorial/configure-auditing.txt @@ -151,10 +151,11 @@ a file with the relative path name of ``data/db/auditLog.json``: in :doc:`/administration/security-checklist` to prevent unauthorized access. -The audit file is :dbcommand:`rotated ` at the same time as -the server log file. Rotation specifics may be configured with the -:setting:`systemLog.logRotate` configuration file option or the -:option:`--logRotate ` command-line option. +The audit file may be rotated with the :dbcommand:`logRotate` command, +either alongside the server log or independently. Rotation specifics +may be configured with the :setting:`systemLog.logRotate` configuration +file option or the :option:`--logRotate ` +command-line option. You may also specify these options in the :doc:`configuration file `: diff --git a/source/tutorial/rotate-log-files.txt b/source/tutorial/rotate-log-files.txt index fb1c80ded07..e59eac9127f 100644 --- a/source/tutorial/rotate-log-files.txt +++ b/source/tutorial/rotate-log-files.txt @@ -19,7 +19,9 @@ report a live account of all activity and operations to a log file. When reporting activity data to a log file, by default, MongoDB only rotates logs in response to the :dbcommand:`logRotate` command, or when the :binary:`~bin.mongod` or :binary:`~bin.mongos` process receives a -``SIGUSR1`` signal from the operating system. +``SIGUSR1`` signal from the operating system. Both server logs and +:doc:`audit logs ` may be rotated with the +:dbcommand:`logRotate` command, either together or independently. MongoDB's standard log rotation approach archives the current log file and starts a new one. To do this, the :binary:`~bin.mongod` or @@ -88,9 +90,3 @@ file for that instance on Linux: .. code-block:: bash kill -SIGUSR1 2200 - -Interaction with Audit Logs ---------------------------- - -If :doc:`auditing ` is enabled, the -:dbcommand:`logRotate` command also rotates the audit log.