HOWTO Setup Logrotate: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 13: | Line 13: | ||
Edit the portion of /etc/logrotate.d/syslog-ng to look like this: | Edit the portion of /etc/logrotate.d/syslog-ng to look like this: | ||
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened,v 1.3 2010/04/05 22:19:33 zorry Exp $ | |||
# | |||
# Syslog-ng logrotate snippet for Hardened Gentoo Linux | |||
# contributed by Maciej Grela | |||
# | |||
# Updated bug #284669 | |||
# Generic | |||
/var/log/debug /var/log/syslog /var/log/kern.log { | |||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# System services | |||
/var/log/cron.log /var/log/daemon.log /var/log/lpr.log /var/log/uucp.log { | |||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# User log | |||
/var/log/user.log { | |||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# News system | |||
/var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice { | |||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# Mail system | |||
/var/log/mail.log /var/log/mail.info /var/log/mail.err /var/log/mail.warn { | |||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# Hardened logs | |||
/var/log/avc.log /var/log/audit.log /var/log/pax.log /var/log/grsec.log { | |||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# Authentication | # Authentication | ||
/var/log/auth.log { | /var/log/auth.log { | ||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# my sensors data | |||
/var/log/sensord { | |||
sharedscripts | |||
missingok | |||
compress | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# the rest | |||
/var/log/messages { | |||
sharedscripts | sharedscripts | ||
missingok | missingok | ||
compress | |||
postrotate | postrotate | ||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | } |
Latest revision as of 17:15, 8 January 2016
Biggest headache is that /var/log/auth.log and vsftpd.log do not rotate :-(
Fix this by creating /etc/logrotate.d/vsftpd:
/var/log/vsftpd.log { weekly sharedscripts missingok notifempty postrotate /etc/init.d/vsftpd restart > /dev/null 2>&1 || true endscript }
Edit the portion of /etc/logrotate.d/syslog-ng to look like this:
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened,v 1.3 2010/04/05 22:19:33 zorry Exp $ # # Syslog-ng logrotate snippet for Hardened Gentoo Linux # contributed by Maciej Grela # # Updated bug #284669 # Generic /var/log/debug /var/log/syslog /var/log/kern.log { sharedscripts compress missingok postrotate /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true endscript } # System services /var/log/cron.log /var/log/daemon.log /var/log/lpr.log /var/log/uucp.log { sharedscripts compress missingok postrotate /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true endscript } # User log /var/log/user.log { sharedscripts compress missingok postrotate /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true endscript } # News system /var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice { sharedscripts compress missingok postrotate /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true endscript } # Mail system /var/log/mail.log /var/log/mail.info /var/log/mail.err /var/log/mail.warn { sharedscripts compress missingok postrotate /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true endscript } # Hardened logs /var/log/avc.log /var/log/audit.log /var/log/pax.log /var/log/grsec.log { sharedscripts compress missingok postrotate /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true endscript } # Authentication /var/log/auth.log { sharedscripts compress missingok postrotate /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true endscript } # my sensors data /var/log/sensord { sharedscripts missingok compress postrotate /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true endscript } # the rest /var/log/messages { sharedscripts missingok compress postrotate /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true endscript }