(fix): Added a logrotate function to the crowdsec.go installer file by sidd190 · Pull Request #2873 · fosrl/pangolin

sidd190 · 2026-04-19T07:14:36Z

Add logrotate config for Traefik access logs when CrowdSec is installed

Documentation Update : fosrl/docs-v2#98

What and why

The default Pangolin install does not enable Traefik access logging.
When CrowdSec is selected during installation, the installer enables Traefik access logs (required for CrowdSec to detect threats).

These logs are written to:
config/traefik/logs/access.log (on the host)

Without log rotation, this file grows indefinitely, which is the issue reported in #2644.

This change fixes the problem only in the CrowdSec installation path, keeping the default install unaffected.

What changed

File modified: install/crowdsec.go

Added a new function: setupTraefikLogRotate()
This function is called from installCrowdsec() immediately after the directory config/traefik/logs/ is created.
The function writes a logrotate configuration file to /etc/logrotate.d/pangolin-traefik using the absolute path to the access log (resolved from the install directory).

Logrotate configuration written:

/opt/pangolin/config/traefik/logs/access.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    copytruncate
}

Note: copytruncate is the key directive. It copies the log file and then truncates the original in place.
This allows Traefik to continue writing to the same open file descriptor without needing a restart or SIGHUP signal.

If the installer is not running as root, it skips writing the file and instead prints the full configuration to stdout (with the actual resolved path), allowing the user to set it up manually.

Testing

The generated config was validated directly with logrotate:

# Check that the config parses cleanly
logrotate --debug /etc/logrotate.d/pangolin-traefik

# Force rotation (first time)
logrotate --force --state /tmp/test.state /etc/logrotate.d/pangolin-traefik

# Force rotation again (second time)
logrotate --force --state /tmp/test.state /etc/logrotate.d/pangolin-traefik

Observed behavior:

access.log is truncated in place after each rotation (Traefik’s file handle remains valid)
Most recent rotated file stays uncompressed for easy inspection (delaycompress)
Older files are compressed to .gz
After 7 rotations, the oldest file is automatically deleted

No changes were made to the default (non-CrowdSec) installation path as suggested by @oschwartz10612.

PS : Can someone please go through this comment and verify if a follow up PR like this is required where we are dropping the unused fields from crowdsec installation?

AstralDestiny · 2026-04-19T17:46:49Z

accessLog:
  filePath: "/logs/traefik/access.log"
  fields:
    headers:
      names:
        User-Agent: keep

For me, honestly don't even need User-Agent as I mostly have whitelists contained against traefik's own routers.

But my logs go back 2+ years and only sit with 185MB. What is the default access log look like for auto installs?

sidd190 · 2026-04-19T17:56:34Z

For me, honestly don't even need User-Agent as I mostly have whitelists contained against traefik's own routers.

But my logs go back 2+ years and only sit with 185MB. What is the default access log look like for auto installs?

Ahh, to be honest, I'm still learning what everything is. First time contributor here. So I can't exactly be sure if these additional fields are actually being used much, which is why I flagged it for review to kind of give a signal on what can we drop and what not on a default install settings with crowdsec, and maybe that can be addressed with a seperate PR from this.

I'll try and take a look at the default access log though. Hope you understand, sorry.

AstralDestiny · 2026-04-19T17:59:22Z

No worries. 🙂

Also responding from discord right now. One of the support but haven't checked what the default install recently ships with.

sidd190 · 2026-04-19T18:07:52Z

No worries. 🙂

Also responding from discord right now. One of the support but haven't checked what the default install recently ships with.

Ohh coool. I was thinking of putting an introduction on Discord right after getting this merged.

Umm soo, Should we wait for a response from someone else then? :)
(I think this PR might be kinda complete in itself for adding logrotate and stop the major problem though, and then the fields for optimizations and root cause of it. Maybe you can share your installation settings template if that's okay and we can compare with default a bit too)

AstralDestiny · 2026-04-19T18:10:44Z

I can't touch the pr stuff so will have to wait for the others. :), Made a bot that lets me respond from discord and see everything from a glance.

sidd190 · 2026-04-19T18:14:17Z

I can't touch the pr stuff so will have to wait for the others. :), Made a bot that lets me respond from discord and see everything from a glance.

Got itt, thanks! (The bot sounds cool! :) )

AstralDestiny · 2026-04-19T18:19:22Z

Not sure if I fixed this to upload though.

Nope got to fix uploading then

sidd190 · 2026-04-23T11:38:59Z

@oschwartz10612 Can you please take a look at this whenever available?

oschwartz10612

LGTM

oschwartz10612 · 2026-04-23T19:17:50Z

Thanks!

sidd190 · 2026-04-23T19:31:35Z

Thanks!

Awesome! Thanks for the merge! There was a follow-up documentation PR for this too.

DOCS PR -> fosrl/docs-v2#98

oschwartz10612 · 2026-04-24T00:05:00Z

Thanks for the reminder! Merged into dev which can out out with the release

(fix): Added a logrotate function to the crowdsec.go installer file

2c8b7b5

sidd190 requested review from miloschwartz and oschwartz10612 as code owners April 19, 2026 07:14

sidd190 mentioned this pull request Apr 19, 2026

Add Traefik-logrotation docs to self-hosting, with Crowdsec, and updated crowdsec installation doc with it fosrl/docs-v2#98

Merged

LaurenceJJones reviewed Apr 20, 2026

View reviewed changes

Comment thread install/crowdsec.go Outdated

Pass installdir as a parameter

473bce8

oschwartz10612 approved these changes Apr 23, 2026

View reviewed changes

oschwartz10612 merged commit 925a59c into fosrl:dev Apr 23, 2026
3 checks passed

sidd190 deleted the fix/crowdsec-traefik-logrotate branch April 23, 2026 19:32

Conversation

sidd190 commented Apr 19, 2026 • edited by oschwartz10612 Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Add logrotate config for Traefik access logs when CrowdSec is installed

What and why

What changed

Logrotate configuration written:

Testing

Observed behavior:

Uh oh!

AstralDestiny commented Apr 19, 2026

Uh oh!

sidd190 commented Apr 19, 2026

Uh oh!

AstralDestiny commented Apr 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sidd190 commented Apr 19, 2026

Uh oh!

AstralDestiny commented Apr 19, 2026

Uh oh!

sidd190 commented Apr 19, 2026

Uh oh!

AstralDestiny commented Apr 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

sidd190 commented Apr 23, 2026

Uh oh!

oschwartz10612 left a comment

Choose a reason for hiding this comment

Uh oh!

oschwartz10612 commented Apr 23, 2026

Uh oh!

Uh oh!

sidd190 commented Apr 23, 2026

Uh oh!

oschwartz10612 commented Apr 24, 2026 via email

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

sidd190 commented Apr 19, 2026 •

edited by oschwartz10612

Loading

AstralDestiny commented Apr 19, 2026 •

edited

Loading

AstralDestiny commented Apr 19, 2026 •

edited

Loading