HOWTO Setup Logrotate: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 13: | Line 13: | ||
Edit the portion of /etc/logrotate.d/syslog-ng to look like this: | Edit the portion of /etc/logrotate.d/syslog-ng to look like this: | ||
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened,v 1.3 2010/04/05 22:19:33 zorry Exp $ | |||
# | |||
# Syslog-ng logrotate snippet for Hardened Gentoo Linux | |||
# contributed by Maciej Grela | |||
# | |||
# Updated bug #284669 | |||
# Generic | |||
/var/log/debug /var/log/syslog /var/log/kern.log { | |||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# System services | |||
/var/log/cron.log /var/log/daemon.log /var/log/lpr.log /var/log/uucp.log { | |||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# User log | |||
/var/log/user.log { | |||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# News system | |||
/var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice { | |||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# Mail system | |||
/var/log/mail.log /var/log/mail.info /var/log/mail.err /var/log/mail.warn { | |||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# Hardened logs | |||
/var/log/avc.log /var/log/audit.log /var/log/pax.log /var/log/grsec.log { | |||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# Authentication | # Authentication | ||
/var/log/auth.log { | /var/log/auth.log { | ||
sharedscripts | |||
compress | |||
missingok | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# my sensors data | |||
/var/log/sensord { | |||
sharedscripts | |||
missingok | |||
compress | |||
postrotate | |||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | |||
# the rest | |||
/var/log/messages { | |||
sharedscripts | sharedscripts | ||
missingok | missingok | ||
compress | |||
postrotate | postrotate | ||
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true | |||
endscript | |||
} | } | ||
Revision as of 17:15, 8 January 2016
Biggest headache is that /var/log/auth.log and vsftpd.log do not rotate :-(
Fix this by creating /etc/logrotate.d/vsftpd:
/var/log/vsftpd.log {
weekly
sharedscripts
missingok
notifempty
postrotate
/etc/init.d/vsftpd restart > /dev/null 2>&1 || true
endscript
}
Edit the portion of /etc/logrotate.d/syslog-ng to look like this:
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened,v 1.3 2010/04/05 22:19:33 zorry Exp $
#
# Syslog-ng logrotate snippet for Hardened Gentoo Linux
# contributed by Maciej Grela
#
# Updated bug #284669
# Generic
/var/log/debug /var/log/syslog /var/log/kern.log {
sharedscripts
compress
missingok
postrotate
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
endscript
}
# System services
/var/log/cron.log /var/log/daemon.log /var/log/lpr.log /var/log/uucp.log {
sharedscripts
compress
missingok
postrotate
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
endscript
}
# User log
/var/log/user.log {
sharedscripts
compress
missingok
postrotate
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
endscript
}
# News system
/var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice {
sharedscripts
compress
missingok
postrotate
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
endscript
}
# Mail system
/var/log/mail.log /var/log/mail.info /var/log/mail.err /var/log/mail.warn {
sharedscripts
compress
missingok
postrotate
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
endscript
}
# Hardened logs
/var/log/avc.log /var/log/audit.log /var/log/pax.log /var/log/grsec.log {
sharedscripts
compress
missingok
postrotate
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
endscript
}
# Authentication
/var/log/auth.log {
sharedscripts
compress
missingok
postrotate
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
endscript
}
# my sensors data
/var/log/sensord {
sharedscripts
missingok
compress
postrotate
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
endscript
}
# the rest
/var/log/messages {
sharedscripts
missingok
compress
postrotate
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
endscript
}