4 files changed, 16 insertions, 5 deletions

diff --git a/Makefile.am b/Makefile.am
index 84b799f..6726ac1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3,6 +3,7 @@ share_perl5dir	 = $(datarootdir)/perl5/Vyatta/VPN
 libudevdir	 = /lib/udev
 etcudevdir	 = /etc/udev
 initddir	 = /etc/init.d
+logrotatedir     = /etc/logrotate.d
 curverdir = $(sysconfdir)/config-migrate/current
 bin_sudo_usersdir = $(bindir)/sudo-users
 
@@ -13,6 +14,8 @@ sbin_SCRIPTS += scripts/vyatta-vpn-ppp-updown.pl
 bin_sudo_users_SCRIPTS = scripts/vyatta-ipsec-dhcp.pl
 share_perl5_DATA = lib/Vyatta/VPN/Util.pm
 
+logrotate_DATA = etc/logrotate.d/vyatta-ipsec-logs
+
 curver_DATA = cfg-version/ipsec@3
 
 cpiop = find  . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \
diff --git a/etc/logrotate.d/vyatta-ipsec-logs b/etc/logrotate.d/vyatta-ipsec-logs
new file mode 100644
index 0000000..fe3c83d
--- /dev/null
+++ b/etc/logrotate.d/vyatta-ipsec-logs
@@ -0,0 +1,7 @@
+
+/var/log/vyatta/ipsec.log {
+	nocompress
+	size 1M
+	rotate 2
+	create 664 root root
+}
diff --git a/lib/Vyatta/VPN/Util.pm b/lib/Vyatta/VPN/Util.pm
index ec5200e..f7dc320 100755
--- a/lib/Vyatta/VPN/Util.pm
+++ b/lib/Vyatta/VPN/Util.pm
@@ -131,7 +131,7 @@ sub vpn_debug {
 sub vpn_log {
     my ($msg) = @_;
     
-    open my $log, '>>', "/tmp/ipsec.log"
+    open my $log, '>>', "/var/log/vyatta/ipsec.log"
 	or return;
     
     my $timestamp = strftime("%Y-%m-%d %H:%M.%S", localtime);
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index f2430f7..a4a2428 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -51,6 +51,7 @@ my $CA_CERT_PATH = '/etc/ipsec.d/cacerts';
 my $CRL_PATH = '/etc/ipsec.d/crls';
 my $SERVER_CERT_PATH = '/etc/ipsec.d/certs';
 my $SERVER_KEY_PATH = '/etc/ipsec.d/private';
+my $LOGFILE = '/var/log/vyatta/ipsec.log';
 
 my $vpn_cfg_err   = "VPN configuration error:";
 my $clustering_ip = 0;
@@ -1204,8 +1205,8 @@ sub write_config {
 sub vpn_exec {
   my ( $command, $desc ) = @_;
 
-  open my $logf, '>>', "/tmp/ipsec.log"
-    or die "Can't open /tmp/ipsec.log: $!";
+  open my $logf, '>>', $LOGFILE
+    or die "Can't open $LOGFILE: $!";
 
   use POSIX;
   my $timestamp = strftime( "%Y-%m-%d %H:%M.%S", localtime );
@@ -1258,8 +1259,8 @@ sub vpn_exec {
 sub vpn_log {
   my ($log) = @_;
 
-  open my $logfile, '>>', "/tmp/ipsec.log"
-    or die "Can't open /tmp/ipsec.log: $!";
+  open my $logfile, '>>', $LOGFILE
+    or die "Can't open $LOGFILE: $!";
 
   use POSIX;
   my $timestamp = strftime( "%Y-%m-%d %H:%M.%S", localtime );