LOG-file
---
Increase system log retention (keep more rotated copies of the system logs)
Edit Log File - Webmin -> System -> Log File Rotation
1) Rotation schedule -> Monthly
2) Number of old logs to keep -> 12
Save
OR
# vim /etc/logrotate.d/syslog
---------- Original File ----------
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    missingok
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
(logrotate only treats # as a comment when it is the first non-blank character of a line, so do not put notes after the { of a stanza)
---------- Edit: Monthly, keep 12 files ----------
/var/log/cron /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler {
    monthly
    rotate 12
    missingok
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
------------------------------------
service rsyslog restart
---------- On CentOS, RHEL and Fedora ----------
# yum -y install logrotate        (yum-based releases: RHEL/CentOS 7 and older)
# dnf install logrotate -y        (dnf-based releases: Fedora, RHEL/CentOS 8 and newer)
# cat /etc/rsyslog.conf           (selector lines only; the leading - on /var/log/maillog tells rsyslog not to sync the file after every write)
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     *
uucp,news.crit                              /var/log/spooler
local7.*                                    /var/log/boot.log
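Reading those selectors by hand is error-prone: the mail.none, authpriv.none and cron.none on the first line are what keep login, mail and cron traffic out of /var/log/messages, and a bare level such as info means "info and more severe". The following is an added example, not part of this page or of rsyslog, that models the classic syslog.conf selector semantics and answers "which file does this message end up in?" for the configuration above. The facility and priority tables are the standard syslog ones; the parser, the routing function and the sample queries are this example's own code.

```python
"""Work out where a syslog message lands under classic selector rules (added example)."""
import re

# Facility names in their numeric order (syslog codes 0..23).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
# Priorities, most severe first; a bare level in a selector means "this level and more severe".
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
ALL_PRIS = frozenset(range(len(PRIORITIES)))


def pri_code(name):
    return PRIORITIES.index(ALIASES.get(name, name))


def apply_priority(current, spec):
    """Apply one priority spec to the priorities already selected for a facility.
    Per syslog.conf(5): 'info' selects info and above, '=info' exactly info,
    '!info' removes info and above, '!=info' removes exactly info, '*' all, 'none' nothing.
    Plain specs replace the current selection; negated ones subtract from it."""
    if spec == "*":
        return set(ALL_PRIS)
    if spec == "none":
        return set()
    if spec.startswith("!="):
        return current - {pri_code(spec[2:])}
    if spec.startswith("!"):
        return current - set(range(pri_code(spec[1:]) + 1))
    if spec.startswith("="):
        return {pri_code(spec[1:])}
    return set(range(pri_code(spec) + 1))


def parse_rules(conf_text):
    """Turn 'selector[;selector...]  target' lines into [(allowed, target)],
    where allowed maps facility -> set of priority codes that reach the target.
    Comments and rsyslog directive lines ($..., module(...), include, action) are skipped."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#$" or line.startswith(("module", "include", "action")):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        selectors, target = parts
        allowed = {fac: set() for fac in FACILITIES}
        for sel in selectors.split(";"):          # later selectors override earlier ones
            facs, dot, spec = sel.rpartition(".")
            if not dot:
                continue
            for fac in (FACILITIES if facs == "*" else facs.split(",")):
                if fac in allowed:
                    allowed[fac] = apply_priority(allowed[fac], spec)
        # A leading '-' only disables syncing after each write; it is not part of the path.
        rules.append((allowed, target.lstrip("-")))
    return rules


def route(rules, facility, priority):
    """Targets (files, or '*' meaning "write to every logged-in user") for one message."""
    code = pri_code(priority)
    return [target for allowed, target in rules if code in allowed[facility]]


# The selector lines from the rsyslog.conf shown above.
RSYSLOG_CONF = """\
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     *
uucp,news.crit                              /var/log/spooler
local7.*                                    /var/log/boot.log
"""
RULES = parse_rules(RSYSLOG_CONF)

if __name__ == "__main__":
    for fac, pri in [("authpriv", "info"), ("kern", "info"), ("mail", "warning"), ("uucp", "crit"),
                     ("news", "err"), ("local7", "debug"), ("kern", "emerg"), ("kern", "debug")]:
        print(f"{fac}.{pri:<8} -> {route(RULES, fac, pri)}")
```

Two results worth noticing: an sshd login failure (authpriv.info) reaches only /var/log/secure, which is why that file needs the tightest permissions of the set, and kern.debug reaches no file at all, since nothing below info is captured by this configuration.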
# vi /etc/logrotate.conf
weekly
rotate 4
create
include /etc/logrotate.d
/var/log/wtmp {
    monthly
    minsize 1M
    create 0664 root utmp
    rotate 1
}
In this file the first four lines are global defaults that apply to every log without a stanza of its own: logs are rotated every week (the existing log is renamed to filename.1, filename.2 and so on) and the most recent 4 copies are kept. The /var/log/wtmp stanza overrides those defaults for that one file:
weekly – rotate once a week (global default).
rotate 4 – keep the 4 most recent rotated files; older ones are deleted (global default).
create – recreate the log after rotation; with no arguments it keeps the old file's permissions and ownership, otherwise the given mode/owner/group (create 0664 root utmp for wtmp).
include /etc/logrotate.d – read every file in that directory for the per-package rotation settings. This is also why a stray backup copy left in that directory gets processed.
monthly / minsize 1M – wtmp is rotated once a month, and only if it has grown to at least 1 MB by then; minsize adds a size condition to the interval, it does not replace it.
rotate 1 – keep a single old copy of wtmp.
# ls -l /var/log/messages*
-rw------- 1 root root   1973 Jun 10 15:07 /var/log/messages
-rw------- 1 root root  10866 Jun  6 04:02 /var/log/messages.1
-rw------- 1 root root  19931 May 30 04:02 /var/log/messages.2
-rw------- 1 root root 238772 May 23 04:02 /var/log/messages.3
-rw------- 1 root root 171450 May 14 18:29 /var/log/messages.4
(the 04:02 timestamps a week apart are the cron.daily logrotate run doing weekly rotations; note that rsyslog created these files mode 0600 root, which any create line you add to the syslog stanza should preserve)
------------------------------------------------------------------------------------------------------------------
[root@]# cp /etc/logrotate.d/syslog /root/syslog.ORG
(keep the backup outside /etc/logrotate.d: the include line in /etc/logrotate.conf makes logrotate read every file in that directory, and .ORG is not one of the suffixes it skips, so a syslog.ORG left there would define the same five logs twice and logrotate would report "duplicate log entry" errors for them)
[root@]# vi /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
--- Replace the stanza with --------------
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    monthly
    rotate 12
    # maxsize, not size: "size 100M" would make logrotate ignore "monthly" and rotate
    # purely on size. maxsize rotates monthly, or earlier if a file passes 100 MB.
    # (maxsize needs logrotate 3.8.1 or later, i.e. RHEL 7; on RHEL 6 leave the line out)
    maxsize 100M
    compress
    delaycompress
    missingok
    notifempty
    # 0600 matches how rsyslog created these files (see ls -l above). "create 644" would
    # make /var/log/secure (logins, failed passwords, sudo use) readable by every local user.
    create 0600 root root
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
******************************************************************************************************
For RHEL 6 :
# service rsyslog restart
For RHEL 7 :
# systemctl restart rsyslog
(The SysV service is named rsyslog, not rsyslogd. The restart is only needed if rsyslog.conf changed as well; a logrotate stanza is re-read at logrotate's next run from /etc/cron.daily/logrotate. To check the new stanza before then, run logrotate -d /etc/logrotate.d/syslog, which parses it and prints what would be rotated without touching anything, or logrotate -f /etc/logrotate.d/syslog to force one rotation now.)
Let's take a look at the logrotate stanza for the dpkg package manager (Debian/Ubuntu).
$ cat /etc/logrotate.d/dpkg
/var/log/dpkg.log {
    monthly
    rotate 12
    size 100M
    compress
    delaycompress
    missingok
    notifempty
    create 644 root root
}
monthly: rotate the log once a month.
rotate 12: keep 12 rotated copies; the oldest is deleted when a 13th would be created.
size 100M: rotate only once the file exceeds 100 MB. Note that size and the interval do not combine: with size listed after monthly, logrotate rotates on size alone and the monthly line is ignored (older logrotate versions always let size win, newer ones let the last of the two directives win). Use maxsize 100M for "monthly, or sooner if larger than 100 MB", or minsize 100M for "monthly, but only if at least 100 MB".
compress: rotated files are compressed, with gzip by default, and get a .gz extension.
delaycompress: postpone compressing the newest rotated file until the next rotation, so a process that still has the old file open does not keep writing into a file that is being gzipped.
create 644 root root: create a fresh log right after rotation with octal permissions 644, owned by root:root. dpkg.log only records package installs and removals, so world-readable is acceptable here; the same line would be wrong for an authentication log.
missingok: do not report an error if the log file is missing.
notifempty: skip rotation when the log file is empty.
# vim /etc/logrotate.d/supervisor
/var/log/supervisor/superviz.log {
    daily
    create 0640 root root
    missingok
    dateext
    rotate 3
    size=1M
    notifempty
    sharedscripts
    mail alain@linoxide.com
}
(size=1M after daily means this log, like the stanzas above, rotates on size alone; dateext names rotated files by date instead of .1, .2; and mail e-mails each log that is about to be deleted in clear text, so use it only for logs that may leave the host that way)
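The replacement syslog stanza, the dpkg stanza and the supervisor stanza above all combine a size directive with a daily or monthly interval, the syslog one as first written applied create 644 to /var/log/secure, and a backup copy left in /etc/logrotate.d is picked up by the include line. The following is an added example, not part of this page or of logrotate, that parses logrotate stanzas and flags those three problems. The config texts are constructed from the stanzas on this page, and the finding codes are this example's own.

```python
"""Static checks for logrotate(8) stanzas (added example, not logrotate's own code)."""
import re
from collections import defaultdict

INTERVALS = {"hourly", "daily", "weekly", "monthly", "yearly"}
SCRIPT_KEYS = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}
SENSITIVE = {"/var/log/secure", "/var/log/auth.log"}   # usernames, sudo use: keep root-only


def _split(line):
    # 'key value' or 'key=value' -> (key, args); logrotate accepts both spellings
    parts = re.split(r"[\s=]+", line, maxsplit=1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_logrotate(text):
    """Return (global_directives, stanzas); a stanza is (paths, [(key, args), ...]).
    Like logrotate: '#' comments only at line start, paths may precede '{' on their
    own lines, and a postrotate/prerotate body runs until 'endscript'."""
    global_directives, stanzas = [], []
    pending, directives, in_script = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if in_script:                        # shell lines of a script body
            in_script = line != "endscript"
        elif directives is None:             # outside any stanza
            if line.endswith("{"):
                pending += line[:-1].split()
                directives = []
            elif line.startswith("/"):
                pending += line.split()
            else:
                global_directives.append(_split(line))
        elif line == "}":
            stanzas.append((pending, directives))
            pending, directives = [], None
        else:
            key, args = _split(line)
            directives.append((key, args))
            in_script = key in SCRIPT_KEYS
    return global_directives, stanzas


def lint(files):
    """files maps config path -> text. Returns (code, where, log path) findings."""
    findings, owners = [], defaultdict(list)
    for fname, text in files.items():
        for paths, directives in parse_logrotate(text)[1]:
            keys = {key for key, _ in directives}
            # 'size' makes logrotate rotate on size alone; the interval line is dead weight
            if "size" in keys and keys & INTERVALS:
                findings.append(("SIZE_OVERRIDES_INTERVAL", fname, paths[0]))
            for key, args in directives:
                first = args.split()[:1]
                if key == "create" and first and first[0].isdigit():
                    mode = int(first[0], 8)  # e.g. 644: readable by group and others
                    for path in paths:
                        if path in SENSITIVE and mode & 0o077:
                            findings.append(("AUTH_LOG_READABLE", fname, path))
            for path in paths:
                owners[path].append(fname)
    # Same log in two files (a syslog.ORG backup left in /etc/logrotate.d): logrotate
    # reports "duplicate log entry" and ignores the later definition.
    for path, fnames in owners.items():
        if len(fnames) > 1:
            findings.append(("DUPLICATE_LOG_ENTRY", " + ".join(fnames), path))
    return findings


# Constructed from the stanzas shown on this page.
SYSLOG_NEW = """/var/log/cron /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler {
    monthly
    rotate 12
    size 100M
    compress
    delaycompress
    missingok
    notifempty
    create 644 root root
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
"""
SYSLOG_ORG = ("/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n"
              "{\n missingok\n sharedscripts\n postrotate\n"
              "  /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true\n"
              " endscript\n}\n")
DPKG = ("/var/log/dpkg.log {\n monthly\n rotate 12\n size 100M\n compress\n delaycompress\n"
        " missingok\n notifempty\n create 644 root root\n}\n")
SYSLOG_FIXED = SYSLOG_NEW.replace("size 100M", "maxsize 100M").replace("create 644", "create 0600")
SAMPLE_FILES = {
    "/etc/logrotate.d/syslog": SYSLOG_NEW,
    "/etc/logrotate.d/syslog.ORG": SYSLOG_ORG,   # backup copied into the include directory
    "/etc/logrotate.d/dpkg": DPKG,
}

if __name__ == "__main__":
    for code, where, path in lint(SAMPLE_FILES):
        print(f"{code:<24} {where:<55} {path}")
    print("fixed stanza:", lint({"/etc/logrotate.d/syslog": SYSLOG_FIXED}))
```

The authoritative parse is still logrotate's own dry run (logrotate -d on the file), which uses the real grammar and is what reports duplicate log entries on a live system; the checks above exist for the size/interval and permission mistakes that logrotate accepts without a word.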
--------------------X-------------------------
Enable clamd by editing /etc/clamd.d/scan.conf (the instance started by clamd@scan) like this:
# Example
LogFile /var/log/clamd.scan
LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/run/clamd.scan/clamd.pid
LocalSocket /var/run/clamd.scan/clamd.sock
With LogSyslog yes and LogFacility LOG_MAIL, clamd's messages also go to the mail facility, which the rsyslog.conf above writes to /var/log/maillog, in addition to the file named in LogFile.
Create the log file (in bash, $_ expands to the last argument of the previous command, so type the three lines one after another; the group must be the one clamd@scan runs as, clamscan on EL systems):
touch /var/log/clamd.scan
chown :clamscan $_
chmod 0660 $_
Now enable and start the service:
systemctl enable clamd@scan
systemctl start clamd@scan
systemctl status clamd@scan
What's in these Linux logs?
/var/log/syslog or /var/log/messages:
General system messages not claimed by a more specific file: kernel messages, daemon output and anything else that matches the *.info;mail.none;authpriv.none;cron.none line above. On Red Hat-based systems such as CentOS and RHEL this is /var/log/messages; on Ubuntu and other Debian-based systems it is /var/log/syslog.
/var/log/auth.log or /var/log/secure:
Authentication events: successful and failed logins, sshd, su and sudo use, PAM messages (the authpriv facility). Debian/Ubuntu keep them in /var/log/auth.log, Red Hat/CentOS in /var/log/secure. This is the first file to read when investigating a suspected break-in and the one to protect most carefully: it lists usernames, failed attempts and, occasionally, passwords mistyped into the username prompt, so keep it mode 0600 root.
/var/log/boot.log: start-up messages and boot information (the local7 facility in the rsyslog.conf above).
/var/log/maillog or /var/log/mail.log: mail server logs, handy for Postfix, sendmail, smtpd and anything else logging to the mail facility, such as clamd with LogFacility LOG_MAIL.
/var/log/kern.log: kernel messages and warnings (Debian/Ubuntu; Red Hat-based systems put them in /var/log/messages). Useful when debugging custom kernels or hardware faults, and for kernel-level events such as module loads and segfault reports.
/var/log/dmesg: a copy of the kernel ring buffer saved at boot time, so mostly device driver and hardware detection messages. The dmesg command reads the live ring buffer, not this file; read the file with less or cat.
/var/log/faillog: a binary record of failed login counts per user, read with the faillog command. Handy when looking for credential guessing and brute-force attacks.
/var/log/cron: a record of cron daemon messages, such as when crond started a job and for which user.
/var/log/daemon.log: messages from background services that log to the daemon facility (Debian/Ubuntu).
/var/log/btmp: binary record of every failed login attempt; read it with lastb.
/var/log/utmp: the current login state (who is logged in, from where, on which terminal). Most distributions keep the live file at /var/run/utmp (or /run/utmp) rather than under /var/log; read it with who or w.
/var/log/wtmp: binary record of every login and logout, plus reboots; read it with last.
/var/log/lastlog: holds every user's most recent login; a binary file you read via the lastlog command.
/var/log/yum.log: every package installation, update and removal done with yum, so you can check that a change went through (dnf-based systems write /var/log/dnf.log and /var/log/dnf.rpm.log instead). Unexpected entries here are also a good sign of an attacker installing tooling.
/var/log/httpd/: a directory containing the error_log and access_log files of the Apache httpd daemon. Every error httpd runs into, such as a module failing to load or a script that could not be executed, is kept in error_log; access_log records every HTTP request, which makes it the place to look for scanner traffic and injection attempts.
/var/log/mysqld.log or /var/log/mysql.log: the MySQL/MariaDB error log, recording startup, shutdown and restart of the mysqld daemon as well as errors and warnings. The path depends on the distribution: RHEL, CentOS, Fedora and other Red Hat-based systems use /var/log/mariadb/mariadb.log (or /var/log/mysqld.log for MySQL), while Debian/Ubuntu use the file /var/log/mysql/error.log.
/var/log/pureftp.log: connection log of the Pure-FTPd server: every connection, FTP login and authentication failure.
/var/log/spooler: usually empty; it receives only the rare crit-and-above messages from the uucp and news (USENET) facilities, per the uucp,news.crit line above.
/var/log/xferlog: FTP file transfer sessions, including file names and which user initiated each transfer.
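The btmp, faillog and secure/auth.log entries above are where password guessing shows up. As an added example (not from this page), here is detection logic run over a few constructed sshd lines in the /var/log/secure format: it counts failed passwords per source address inside a sliding window and raises the severity when the same address later logs in successfully, which is the case that needs a human right away. The threshold, the window, the year used to complete the timestamps and the sample lines themselves are assumptions.

```python
"""Spot SSH password guessing in /var/log/secure or auth.log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime

TS = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) ")
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def parse_ts(line, year=2024):
    """Classic syslog timestamps carry no year; the caller supplies it (assumed 2024 here)."""
    stamp = " ".join(TS.match(line).group(1).split())     # collapse 'Jun  6' to 'Jun 6'
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def peak_in_window(times, window_s):
    """Largest number of events inside any span of window_s seconds (two-pointer sweep)."""
    times, best, start = sorted(times), 0, 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window_s:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_bruteforce(lines, threshold=5, window_s=600):
    """Alert on any source IP with >= threshold failed passwords inside window_s seconds.
    A successful login from that IP after the failures began raises severity to high."""
    failures, accepted = defaultdict(list), defaultdict(list)
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures[m.group(2)].append((parse_ts(line), m.group(1)))
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted[m.group(3)].append((parse_ts(line), m.group(2), m.group(1)))
    alerts = []
    for ip, events in sorted(failures.items()):
        peak = peak_in_window([t for t, _ in events], window_s)
        if peak < threshold:
            continue
        first_failure = min(t for t, _ in events)
        logins = [(user, method) for t, user, method in accepted[ip] if t > first_failure]
        alerts.append({
            "ip": ip,
            "failures": len(events),
            "peak_in_window": peak,
            "users": sorted({user for _, user in events}),
            "success_after": logins,
            "severity": "high" if logins else "medium",
        })
    return alerts


# Constructed sample in /var/log/secure format (not real traffic; documentation IP ranges).
SAMPLE_SECURE = """\
Jun 10 15:01:02 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jun 10 15:01:05 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 51130 ssh2
Jun 10 15:01:09 web01 sshd[2205]: Failed password for invalid user oracle from 203.0.113.7 port 51138 ssh2
Jun 10 15:01:12 web01 sshd[2207]: Failed password for invalid user test from 203.0.113.7 port 51144 ssh2
Jun 10 15:01:15 web01 sshd[2209]: Failed password for invalid user admin from 203.0.113.7 port 51150 ssh2
Jun 10 15:01:19 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51156 ssh2
Jun 10 15:02:40 web01 sshd[2230]: Accepted password for root from 203.0.113.7 port 51201 ssh2
Jun 10 15:03:01 web01 sshd[2240]: Failed password for deploy from 198.51.100.4 port 40010 ssh2
Jun 10 15:03:08 web01 sshd[2242]: Accepted publickey for deploy from 198.51.100.4 port 40012 ssh2
Jun 10 15:05:00 web01 sshd[2250]: Failed password for invalid user pi from 192.0.2.9 port 33001 ssh2
Jun 10 15:05:03 web01 sshd[2252]: Failed password for invalid user pi from 192.0.2.9 port 33002 ssh2
Jun 10 15:05:07 web01 sshd[2254]: Failed password for invalid user ubnt from 192.0.2.9 port 33003 ssh2
Jun 10 15:06:00 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart rsyslog
"""

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_SECURE.splitlines()):
        print(alert)
```

The one typo-and-retry from 198.51.100.4 and the three guesses from 192.0.2.9 stay below the threshold, while 203.0.113.7 is reported with severity high because a root password login followed six failures from it; that is the line of /var/log/secure to act on, and the same address will also appear in lastb output from /var/log/btmp.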
-----------