by Anthony Tonns

Problem: When rotating logs for a proftpd server, how long do you wait for the old processes to release thier filehandles on the old logfiles before you start compressing the logs?

Solution: I have scripted the log rotation script to check the filehandles of the old logfile using the UNIX utility lsof. You can set $maxtries to however many attempts you want to check the file and $sleeptime to how long you want to wait between retries. The default is 120 seconds between tries, with a maximum of 30 tries (1 hour, because FTP is more persistent than other protocols).

NOTES: required the perl module File::Basename and a bunch of other 'standard' UNIX utils.

This script is designed to be run from cron at 23:59 at night. Here is my cron entry:

# rotate/archive the proftpd logs
# ATonns Sun Jul 14 15:53:20 EDT 2002
59 23 * * * /usr/local/sbin/
You can't get simpler than that.

This script grew out my my experiences with apache, which is similarly fuX0red if you gzip before all the filehandles are released.

It will get all the information about the current day/time and then sleep for 60 seconds as to attempt to rotate the logs as close to midnight as possible. A step-by-step breakdown of the procedure is:


  1. You MUST change who the reports are mailed to by editing the "@victims_email" and "@victims_pagers" variables.

  2. Reports are mailed using "/usr/bin/mail" with the -s option to set the subject. You might need to change this under Solaris or any other SysV OS to "mailx" the BSD mailer. Just edit the "$MAIL" variable.

  3. I like to name my logfile "access". If you need something else, remember to edit the proftpdlogrotate.cfg correctly.

Here is the perl source to
Here is a sample config file, proftpdlogrotate.cfg.
Here is the GPL, which is the license for ''

P.S. - I'm sure this script could use a lot of improvement. I'm leaving it as an excercise to the reader (ie: don't email me about how this isn't right or that isn't what you wanted - get off your a$$ and do it yourself). The script has a LONG history and could use an overhaul, which I'll do one of these days. Homepage