From c7cf401b0a0a78338e6649954d7d88ee896694ca Mon Sep 17 00:00:00 2001
From: alexz <me@alexzaw.dev>
Date: Sat, 17 Jan 2026 02:34:22 +0000
Subject: [PATCH] cisco-vpn: Daily log rotation with 7-day retention

- Logs now saved to /var/log/cisco-vpn/YYYY-MM-DD.log
- Automatic cleanup of logs older than 7 days
- Each day gets its own log file
---
 apps/rego-tunnel/shared/cisco-vpn | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)

diff --git a/apps/rego-tunnel/shared/cisco-vpn b/apps/rego-tunnel/shared/cisco-vpn
index 4176f1b..0d5ca56 100755
--- a/apps/rego-tunnel/shared/cisco-vpn
+++ b/apps/rego-tunnel/shared/cisco-vpn
@@ -26,9 +26,20 @@ TOTP_SECRET="${VPN_TOTP_SECRET:-}"
 VPN_HOST="${VPN_HOST:-vpn-ord1.dovercorp.com}"
 TARGET_IP="${TARGET_IP:-10.35.33.230}"
 
-# Log file
-LOG_FILE="/var/log/cisco-vpn.log"
-mkdir -p "$(dirname "$LOG_FILE")" 2>/dev/null
+# Log directory and file (date-based rotation)
+LOG_DIR="/var/log/cisco-vpn"
+LOG_RETENTION_DAYS=7
+mkdir -p "$LOG_DIR" 2>/dev/null
+
+# Function to get current log file (changes daily)
+get_log_file() {
+    echo "$LOG_DIR/$(date '+%Y-%m-%d').log"
+}
+
+# Cleanup old log files (older than LOG_RETENTION_DAYS)
+cleanup_old_logs() {
+    find "$LOG_DIR" -name "*.log" -type f -mtime +$LOG_RETENTION_DAYS -delete 2>/dev/null
+}
 
 # Colors
 RED='\033[0;31m'
@@ -51,15 +62,16 @@ SKIP_AUTO_LOGIN=false
 DO_CONNECT=false
 DO_DISCONNECT=false
 
-# Logging function with timestamp - writes to both console and file
+# Logging function with timestamp - writes to both console and daily log file
 log() {
     local level="$1"
     local msg="$2"
     local timestamp=$(date '+%Y-%m-%d %H:%M:%S')
     local timestamp_short=$(date '+%H:%M:%S')
+    local log_file=$(get_log_file)
 
     # Write to log file (plain text, no colors)
-    echo "[$timestamp] [$level] $msg" >> "$LOG_FILE"
+    echo "[$timestamp] [$level] $msg" >> "$log_file"
 
     # Write to console (with colors)
     case $level in
@@ -716,9 +728,12 @@ parse_args() {
 # Main
 parse_args "$@"
 
+# Cleanup old logs and start fresh
+cleanup_old_logs
+
 # Log script start
-echo "" >> "$LOG_FILE"
-echo "========================================" >> "$LOG_FILE"
+echo "" >> "$(get_log_file)"
+echo "========================================" >> "$(get_log_file)"
 log INFO "cisco-vpn script started"
 log DEBUG "VPN_EMAIL=$EMAIL"
 log DEBUG "VPN_HOST=$VPN_HOST"