This article provides the steps for implementing a tested method of rotating the ProfileUnity Console's MongoDB log based on size and age.
The implementation consists of a PowerShell script, a Scheduled Task and a securely stored, encrypted copy of the "prou_services" user's password.
Notes:
- This implementation requires knowing your console's, or cluster's, "prou_services" account password, as well as elevated Administrator privileges on the ProfileUnity Console(s).
- MongoDB default installation location assumed: "C:\Program Files\MongoDB"
- The scheduled task that gets created will run automatically 1 minute after its creation, and then every 15 minutes. On reboot, the task will also run automatically, and then every 15 minutes.
- With the default settings, a mongod.log file is compressed only when it is 500 MB or larger, resulting in a 30 MB zip file that is retained for 30 days.
- Apply to all nodes in a cluster.
Steps:
- Download and review the scripts attached to this ticket. No changes should be required as long as the original self-signed certificates created during installation have not been deleted.
- If the "Liquidware Certificate" isn't available, a new certificate Subject will need to be specified in the "$certificateSubject" variable of the "Rotate-MongoDBLogsBySize-SYSTEM.ps1" file.
- Copy the files into the "C:\Program Files\MongoDB" folder on your ProfileUnity Console(s):
Rotate-MongoDBLogsBySize-SYSTEM.ps1
Rotate-PasswordSaver-SYSTEM.ps1
Rotate-TaskCreator-SYSTEM.ps1
- Securely store the account password: open an elevated (Run as administrator) PowerShell CLI on the ProfileUnity Console server and execute the following command. It will prompt you for your "prou_services" password and store it so it can only be accessed by elevated, administrator-level processes. In addition, the password is encrypted at-rest, as well as in-transit.
Command: &"C:\Program Files\MongoDB\Rotate-PasswordSaver-SYSTEM.ps1"
Expected output: "Password encrypted and saved to ..."
- Create a scheduled task that runs the script every 15 minutes as SYSTEM and appends to this log file on each run: "C:\Windows\Temp\MongoDBLogRotation.log"
Command: &"C:\Program Files\MongoDB\Rotate-TaskCreator-SYSTEM.ps1"
Expected output: "SUCCESS: The scheduled task MongoDB Secure Log Rotation has successfully been created."
One minute after task creation, it will automatically run for the first time. The log file can then be reviewed for any errors: "C:\Windows\Temp\MongoDBLogRotation.log"
If the log file has not appeared 2 minutes after task creation, review the "MongoDB Secure Log Rotation" task history for any errors, as well as the Last Run result.
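
A post-install check for the steps above, added here as an example and not one of the article's attached scripts: it confirms that the three scripts the SYSTEM task runs are not writable by non-administrative accounts, that a matching certificate is present, and that the task has run. The certificate store (LocalMachine\My), matching on a "Liquidware" Subject substring, and the need for the certificate's private key are assumptions.

```powershell
# Added verification example; not one of the article's attached scripts.
# Run from an elevated PowerShell prompt on each console node.
$installDir = 'C:\Program Files\MongoDB'
$scripts    = 'Rotate-MongoDBLogsBySize-SYSTEM.ps1', 'Rotate-PasswordSaver-SYSTEM.ps1',
              'Rotate-TaskCreator-SYSTEM.ps1'
$taskName   = 'MongoDB Secure Log Rotation'
$runLog     = 'C:\Windows\Temp\MongoDBLogRotation.log'
$certMatch  = 'Liquidware'             # assumption: substring of the certificate Subject
$certStore  = 'Cert:\LocalMachine\My'  # assumption: store that holds the certificate

# SIDs allowed to modify the scripts: SYSTEM, Administrators, CREATOR OWNER, TrustedInstaller
$trusted = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
# Write-type rights, plus the GENERIC_WRITE and GENERIC_ALL bits (0x50000000)
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$writeMask   = [int]$writeRights -bor 0x50000000
$sidType     = [System.Security.Principal.SecurityIdentifier]

# The task runs these files as SYSTEM, so a non-admin write ACE is a path to SYSTEM.
$results = foreach ($name in $scripts) {
    $path = Join-Path $installDir $name
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Check = "ACL $name"; Ok = $false; Detail = 'file missing' }
        continue
    }
    $loose = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $trusted -notcontains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band $writeMask) -ne 0 }
    [pscustomobject]@{ Check = "ACL $name"; Ok = -not $loose
                       Detail = ($loose.IdentityReference.Value -join ', ') }
}

# Assumption: decrypting the stored password needs the certificate's private key.
$cert = Get-ChildItem $certStore | Where-Object {
    $_.Subject -like "*$certMatch*" -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) }
$results += [pscustomobject]@{ Check = 'Certificate'; Ok = [bool]$cert
                               Detail = ($cert.Subject -join '; ') }

$task = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
$info = if ($task) { $task | Get-ScheduledTaskInfo }
$results += [pscustomobject]@{ Check = 'Task runs as SYSTEM'
    Ok     = [bool]($task -and $task.Principal.UserId -match 'SYSTEM|S-1-5-18')
    Detail = "LastRun=$($info.LastRunTime) LastResult=$($info.LastTaskResult)" }

$results += [pscustomobject]@{ Check = 'Run log present'; Ok = (Test-Path -LiteralPath $runLog)
                               Detail = $runLog }
$results | Format-Table -AutoSize -Wrap
```

Any row with Ok = False in the ACL checks lists the SIDs that hold write access to a script executed as SYSTEM; remove those entries before leaving the task enabled.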