116 Chapter 11
You should see something like Listing 11-3.

# see "man logrotate" for details
# rotate log files weekly
u weekly
# keep 4 weeks worth of backlogs
v rotate 4
# create new (empty) log files after rotating old ones
w create
# uncomment this if you want your log files compressed
x #compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# system-specific logs may also be configured here
--snip--

Listing 11-3: The logrotate configuration file
First, you can set the unit of time your rotate numbers refer to u. The default here is weekly, meaning any number after the rotate keyword always refers to weeks.
Further down, you can see the setting for how often to rotate logs—the default setting is to rotate logs every four weeks v. This default configuration will work for most people, but if you want to keep your logs longer for investigative purposes or shorter to clear them out quicker, this is the setting you should change. For instance, if you check your log files every week and want to save storage space, you could change this setting to rotate 1. If you have plenty of storage for your logs and want to keep a semipermanent record for forensic analysis later, you could change this setting to rotate 26 to keep your logs for six months or rotate 52 to keep them for one year.
By default, a new empty log file is created when old ones are rotated out w. As the comments in the configuration file advise, you can also choose to compress your rotated log files x.
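To make these settings concrete, here is an added example in Python (not code from the book): it reads the global directives from a constructed copy of Listing 11-3, turns the unit of time and the rotate count into days of retained history, and simulates the renaming chain logrotate runs at the end of each period, where the oldest backup is dropped instead of becoming a fifth file. The names parse_logrotate, retention_days, rotate_chain and the sample log contents are my own.

```python
import re
from typing import Dict
# Constructed excerpt of Listing 11-3; the commented-out "#compress" line must stay off.
SAMPLE_CONF = """\
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
create
#compress
include /etc/logrotate.d
"""
INTERVAL_DAYS = {"daily": 1, "weekly": 7, "monthly": 30, "yearly": 365}

def parse_logrotate(text: str) -> Dict[str, object]:
    """Pick out the unit of time, the rotate count, and the create/compress flags."""
    cfg: Dict[str, object] = {"interval": None, "rotate": None, "create": False, "compress": False}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, so "#compress" is ignored
        if not line:
            continue
        word, *args = line.split()
        if word in INTERVAL_DAYS:
            cfg["interval"] = word
        elif word == "rotate" and len(args) == 1 and args[0].isdigit():
            cfg["rotate"] = int(args[0])
        elif word in ("create", "compress"):
            cfg[word] = True
    return cfg

def retention_days(cfg: Dict[str, object]) -> int:
    """Days of history kept: the rotate count times the length of the unit it refers to."""
    return INTERVAL_DAYS[str(cfg["interval"])] * int(cfg["rotate"])

def rotate_chain(logs: Dict[str, str], base: str, keep: int) -> Dict[str, str]:
    """One rotation pass: each file moves one step down the chain, the backup that
    would become base.(keep+1) is deleted instead, and a new empty base is created."""
    numbered = re.compile(re.escape(base) + r"\.(\d+)$")
    rotated: Dict[str, str] = {}
    for name, content in logs.items():
        if name == base:
            rotated[f"{base}.1"] = content
        elif (m := numbered.match(name)) and int(m.group(1)) < keep:
            rotated[f"{base}.{int(m.group(1)) + 1}"] = content
    rotated[base] = ""  # the "create" directive: fresh, empty current log
    return rotated

# Constructed chain: the current log plus the four weekly backups that "rotate 4" keeps.
EXAMPLE_LOGS = {"auth.log": "week5", **{f"auth.log.{i}": f"week{5 - i}" for i in range(1, 5)}}
```

With the default file, retention_days reports 28 days, and rotating EXAMPLE_LOGS once leaves auth.log empty, moves last week's log to auth.log.1 and discards the old auth.log.4.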
At the end of each rotation period, the log files are renamed and pushed toward the end of the chain of logs as a new log file is created, replacing the current log file. For instance, /var/log/auth.log will become /var/log/auth.log.1, then /var/log/auth.log.2, and so on. If you rotate logs every four weeks and keep four sets of backups, you will have /var/log/auth.log.4, but no /var/log/auth.log.5, meaning that /var/log/auth.log.4 will be deleted rather than being pushed to /var/log/auth.log.5. You can see this by using the locate command to find /var/log/auth.log log files with a wildcard, as shown here:
kali >