Resolution: Won't Fix
Affects Version/s: 2.6.0
Fix Version/s: None
Web Server:Apache 2.4
There is a race condition in the log rotation in the NativeSP module linked into Apache.
When Apache is reloading the configuration (which is also triggered as post-rotate action from /etc/logrotate.d/httpd on CentOS 6 and 7), all httpd forked children are active at the same time.
And all of them do some logging from mod_shib.
And if the native.log is just below the threshold for sized-based log rotation, the children try to rotate it each independently, stepping on each other's toes.
I've even seen:
service httpd reload
(the host runs in NZ timezone; hence the future timestamps).
IMHO, the only way to get around this is to move the rotation out to external tools - eg, logrotate, as documented eg at https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLogRotation
PS: and the log rotation also doesn't go well with SELinux: Apache is only allowed to append to logs, not move/rename/delete them. Another reason for not doing it in Apache.
PS2: this is different from