HOWTO Setup Logrotate: Difference between revisions

From Research
Jump to navigation Jump to search
No edit summary
 
No edit summary
 
(One intermediate revision by the same user not shown)
Line 13: Line 13:


Edit the portion of /etc/logrotate.d/syslog-ng to look like this:
Edit the portion of /etc/logrotate.d/syslog-ng to look like this:
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened,v 1.3 2010/04/05 22:19:33 zorry Exp $
#
# Syslog-ng logrotate snippet for Hardened Gentoo Linux
# contributed by Maciej Grela
#
# Updated bug #284669
# Generic
/var/log/debug /var/log/syslog /var/log/kern.log {
    sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}
# System services
/var/log/cron.log /var/log/daemon.log /var/log/lpr.log /var/log/uucp.log {
    sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}
# User log
/var/log/user.log {
    sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}
# News system
/var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice {
    sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}
# Mail system
/var/log/mail.log /var/log/mail.info /var/log/mail.err /var/log/mail.warn {
    sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}
# Hardened logs
/var/log/avc.log /var/log/audit.log /var/log/pax.log /var/log/grsec.log {
    sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}
  # Authentication
  # Authentication
  /var/log/auth.log {
  /var/log/auth.log {
     weekly
     sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}
# my sensors data
/var/log/sensord {
    sharedscripts
    missingok
    compress
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}
# the rest
/var/log/messages {
     sharedscripts
     sharedscripts
     missingok
     missingok
    compress
     postrotate
     postrotate
    /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
    endscript
  }
  }

Latest revision as of 17:15, 8 January 2016

Biggest headache is that /var/log/auth.log and vsftpd.log do not rotate :-(

Fix this by creating /etc/logrotate.d/vsftpd:

/var/log/vsftpd.log {
    weekly
    sharedscripts
    missingok
    notifempty
    postrotate
    /etc/init.d/vsftpd restart > /dev/null 2>&1 || true
    endscript
}

Edit the portion of /etc/logrotate.d/syslog-ng to look like this:

# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened,v 1.3 2010/04/05 22:19:33 zorry Exp $
#
# Syslog-ng logrotate snippet for Hardened Gentoo Linux
# contributed by Maciej Grela
#
# Updated bug #284669

# Generic
/var/log/debug /var/log/syslog /var/log/kern.log {
    sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}

# System services
/var/log/cron.log /var/log/daemon.log /var/log/lpr.log /var/log/uucp.log {
    sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}

# User log
/var/log/user.log {
    sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}

# News system
/var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice {
    sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}

# Mail system
/var/log/mail.log /var/log/mail.info /var/log/mail.err /var/log/mail.warn {
    sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}

# Hardened logs
/var/log/avc.log /var/log/audit.log /var/log/pax.log /var/log/grsec.log {
    sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}

# Authentication
/var/log/auth.log {
    sharedscripts
    compress
    missingok
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}

# my sensors data
/var/log/sensord {
    sharedscripts
    missingok
    compress
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}

# the rest
/var/log/messages {
    sharedscripts
    missingok
    compress
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}