stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
c58a236d70742082c8dda5a967972d08424732f2
git.stella-ops.org/docs/doctor/articles/observability/log-rotation.md
master c58a236d70 Doctor plugin checks: implement health check classes and documentation 
Implement remediation-aware health checks across all Doctor plugin modules
(Agent, Attestor, Auth, BinaryAnalysis, Compliance, Crypto, Environment,
EvidenceLocker, Notify, Observability, Operations, Policy, Postgres, Release,
Scanner, Storage, Vex) and their backing library counterparts (AI, Attestation,
Authority, Core, Cryptography, Database, Docker, Integration, Notify,
Observability, Security, ServiceGraph, Sources, Verification).

Each check now emits structured remediation metadata (severity, category,
runbook links, and fix suggestions) consumed by the Doctor dashboard
remediation panel.

Also adds:
- docs/doctor/articles/ knowledge base for check explanations
- Advisory AI search seed and allowlist updates for doctor content
- Sprint plan for doctor checks documentation

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 12:28:00 +02:00

2.3 KiB
Raw Blame History

checkId, plugin, severity, tags
checkId plugin severity tags
check.logs.rotation.configured stellaops.doctor.observability warn
observability
logs

Log Rotation

What It Checks

Verifies that log rotation is configured to prevent disk exhaustion. The check:

  • Looks for application-level rotation via Logging:RollingPolicy configuration.
  • Checks for Serilog rolling configuration at Serilog:WriteTo:0:Args:rollingInterval.
  • On Linux, checks for system-level logrotate at /etc/logrotate.d/stellaops.
  • Scans log files in the log directory and flags any file exceeding 100MB.
  • Warns if rotation is not configured and large log files exist or total log size exceeds 200MB.
  • Reports info if rotation is not configured but logs are still small.

Why It Matters

Without log rotation, log files grow unbounded until they exhaust disk space. Disk exhaustion causes cascading failures across all services. Even before exhaustion, very large log files are slow to search and analyze during incident response.

Common Causes

  • Log rotation not configured in application settings
  • logrotate not installed or stellaops config missing from /etc/logrotate.d/
  • Application-level rotation disabled
  • Rotation threshold set too high
  • Very high log volume overwhelming rotation schedule

How to Fix

Docker Compose

Set application-level log rotation:

environment:
  Logging__RollingPolicy: "Size"
  Serilog__WriteTo__0__Args__rollingInterval: "Day"
  Serilog__WriteTo__0__Args__fileSizeLimitBytes: "104857600"  # 100MB

Bare Metal / systemd

Option 1 -- Application-level rotation in appsettings.json:

{
  "Logging": {
    "RollingPolicy": "Size"
  }
}

Option 2 -- System-level logrotate:

sudo cp /usr/share/stellaops/logrotate.conf /etc/logrotate.d/stellaops

# Or create manually:
cat <<EOF | sudo tee /etc/logrotate.d/stellaops
/var/log/stellaops/*.log {
    daily
    rotate 14
    compress
    missingok
    notifempty
    maxsize 100M
}
EOF

Kubernetes / Helm

logging:
  rollingPolicy: "Size"
  maxFileSizeMB: 100
  retainFiles: 14

Verification

stella doctor run --check check.logs.rotation.configured

Related Checks

  • check.logs.directory.writable — verifies log directory exists and is writable
  • check.storage.diskspace — verifies sufficient disk space is available