Automatically Cleaning Up Logs with logrotate




Download 7,3 Mb.
Pdf ko'rish
bet110/115
Sana27.11.2023
Hajmi7,3 Mb.
#106243
1   ...   107   108   109   110   111   112   113   114   115
Bog'liq
linuxbasicsforhackers

Automatically Cleaning Up Logs with logrotate
Log files take up space, so if you don’t delete them periodically, they will 
eventually fill your entire hard drive. On the other hand, if you delete your 
log files too frequently, you won’t have logs to investigate at some future 
point in time. You can use 
logrotate
to determine the balance between 
these opposing requirements by rotating your logs.
Log rotation is the process of regularly archiving log files by moving them 
to some other location, leaving you with a fresh log file. That archived loca­
tion will then get cleaned up after a specified period of time.
Your system is already rotating log files using a 
cron
job that employs the 
logrotate
utility. You can configure the 
logrotate
utility to choose the regu­
larity of your log rotation with the /etc/logrotate.conf text file. Let’s open it 
with a text editor and take a look:
kali >leafpad /etc/logrotate.conf


116
Chapter 11
You should see something like Listing 11­3.
# see "man logrotate" for details
# rotate log files weekly
u
weekly
# keep 4 weeks worth of backlogs
v
rotate 4
w
# create new (empty) log files after rotating old ones
create
x
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# system-specific logs may also be configured here
--snip--
Listing 11-3: The logrotate configuration file
First, you can set the unit of time your rotate numbers refer to u. The 
default here is 
weekly
, meaning any number after the 
rotate
keyword always 
refers to weeks.
Further down, you can see the setting for how often to rotate logs—the 
default setting is to rotate logs every four weeks v. This default configura­
tion will work for most people, but if you want to keep your logs longer for 
investigative purposes or shorter to clear them out quicker, this is the set­
ting you should change. For instance, if you check your log files every week 
and want to save storage space, you could change this setting to 
rotate 1
. If 
you have plenty of storage for your logs and want to keep a semi­permanent 
record for forensic analysis later, you could change this setting to 
rotate 26
to keep your logs for six months or 
rotate 52
to keep them for one year.
By default, a new empty log file is created when old ones are rotated 
out w. As the comments in the configuration file advise, you can also 
choose to compress your rotated log files x. 
At the end of each rotation period, the log files are renamed and pushed 
toward the end of the chain of logs as a new log file is created, replacing the 
current log file. For instance, /var/log.auth will become /var/log.auth.1, then 
/var/log.auth.2, and so on. If you rotate logs every four weeks and keep four 
set of backups, you will have /var/log.auth.4, but no /var/log.auth.5, meaning 
that /var/log.auth.4 will be deleted rather than being pushed to /var/log/
auth.5. You can see this by using the 
locate
command to find /var/log/ 
auth.log log files with a wildcard, as shown here:
kali >ls /var/log/auth.log*
/var/log/auth.log.1


The Logging System
117
/var/log/auth.log.2
/var/log/auth.log.3
/var/log/auth.log.4
For more details on the many ways to customize and use the 
logrotate
utility, see the 
man logrotate
page. This is an excellent resource to learn 
about the functions you can use and the variables you can change to cus­
tomize how your logs are handled. Once you become more familiar with 
Linux, you’ll get a better sense of how often you need to log and what 
options you prefer, so it’s worth revisiting the logrotate.conf file.

Download 7,3 Mb.
1   ...   107   108   109   110   111   112   113   114   115




Download 7,3 Mb.
Pdf ko'rish

Bosh sahifa
Aloqalar

    Bosh sahifa



Automatically Cleaning Up Logs with logrotate

Download 7,3 Mb.
Pdf ko'rish