LOG-file

---

increase system log message

Edit Log File - Webmin->system->Log File Rotation

1) Rotation schedule-> Monthly

2) Number of old logs to keep-> 12

save

                                                                      OR

# vim /etc/logrotate.d/syslog

----------------------------

/var/log/cron

/var/log/maillog

/var/log/messages

/var/log/secure

/var/log/spooler                            

{                                                   #-> Original File

    missingok

    sharedscripts

    postrotate

        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true

    endscript

}

---Edit-------Monthly  - 12 File ---------------------------

/var/log/cron /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler {

        missingok

        sharedscripts

        postrotate

        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true

        endscript

        monthly

        rotate 12

}

------------------------------------

service rsyslog restart

---------- On CentOS, RHEL and Fedora ---------- 

#  yum -y install logrotate

#    dnf install logrotate -y

# cat /etc/rsyslog.conf *.info;mail.none;authpriv.none;cron.none                /var/log/messages authpriv.*                                              /var/log/secure mail.*                                                  -/var/log/maillog cron.*                                                  /var/log/cron *.emerg                                                 * uucp,news.crit                                          /var/log/spooler local7.*                                                /var/log/boot.log

#  vi /etc/logrotate.conf

weekly rotate 4 create include /etc/logrotate.d /var/log/wtmp {     monthly     minsize 1M     create 0664 root utmp     rotate 1 }

As per the above logrotate configuration file the logs are rotated every week (renaming the existing log to filename.number order):

minsize 1M – logrotate runs and trims the messages files if the file size is equal to or greater than 1 MB.

rotate 4 – keep the most recent 4 files while rotating.

create – create new file while rotating with specified permission and ownership.

include – include the files mentioned here for the daemon specific log rotation settings.

# ls -l /var/log/messages* -rw------- 1 root root   1973 Jun 10 15:07 /var/log/messages -rw------- 1 root root  10866 Jun  6 04:02 /var/log/messages.1 -rw------- 1 root root  19931 May 30 04:02 /var/log/messages.2 -rw------- 1 root root 238772 May 23 04:02 /var/log/messages.3 -rw------- 1 root root 171450 May 14 18:29 /var/log/messages.4

------------------------------------------------------------------------------------------------------------------

[root@]#  cp /etc/logrotate.d/syslog  cp /etc/logrotate.d/syslog.ORG

[root@]#  vi /etc/logrotate.d/syslog 

/var/log/cron

/var/log/maillog

/var/log/messages

/var/log/secure

/var/log/spooler

{

    sharedscripts

    postrotate

        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true

    endscript

}

                            ---  just ADD --------------

/var/log/cron

/var/log/maillog

/var/log/messages

/var/log/secure

/var/log/spooler

{

        monthly

rotate 12

size 100M

compress

delaycompress

missingok

notifempty

create 644 root root

        sharedscripts

       postrotate

        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true

    endscript

}

                             ******************************************************************************************************

For RHEL 6 :

# service rsyslogd restart

For RHEL 7 :

# systemctl restart rsyslog

Let’s take a look at the configuration file of the dpkg package manager tool.

$ cat -n /etc/logrotate.d/dpkg

• • /var/log/dpkg.log {

  • monthly

  • rotate 12

  • size 100M

  • compress

  • delaycompress

  • missingok

  • notifempty

  • create 644 root root

  • }

  • monthly: This instructs rotation of log files once in a month

  • rotate 12: 12 old log files are backed up.

  • compress: This implies that rotated files are to be compressed using the default gzip compression with log files having a .gz file extension.

  • Create 644 root root: Creates a new log file as soon as log rotation is completed with octal file permissions of 644 with user and group ownership of root.

  • missingok: The directive suppresses error messages in the event of a missing log file.

  • notifempty: This ignores file rotation if the log file is empty.

# vim /etc/logrotate.d/supervisor /var/log/supervisor/superviz.log {         daily         create 0640 root root         missingok         dateext         rotate 3         size=1M         notifempty         sharedscripts         mail alain@linoxide.com }

 --------------------X-------------------------

Enable clamd by editing /etc/clamd.d/scan.conf like this:

Create the log file:

Now enable and start the service:

What’s in these Linux Logs?

• • /var/log/syslog or /var/log/messages:

  • Shows general messages and info regarding the system. Basically a data log of all activity throughout the global system. Know that everything that happens on Redhat-based systems, like CentOS or Rhel, will go in messages. Whereas for Ubuntu and other Debian systems, they go in Syslog.

  • /var/log/auth.log or /var/log/secure:

  • Keep authentication logs for both successful or failed logins, and authentication processes. Storage depends on system type. For Debian/Ubuntu, look in /var/log/auth.log. For Redhat/CentrOS, go to /var/log/secure.

  • /var/log/boot.log: start-up messages and boot info.

  • /var/log/maillog or var/log/mail.log: is for mail server logs, handy for postfix, smtpd, or email-related services info running on your server.

  • /var/log/kern: keeps in Kernel logs and warning info. Also useful to fix problems with custom kernels.

  • /var/log/dmesg: a repository for device driver messages. Use dmesg to see messages in this file.

  • /var/log/faillog: records info on failed logins. Hence, handy for examining potential security breaches like login credential hacks and brute-force attacks.

  • /var/log/cron: keeps a record of Crond-related messages (cron jobs). Like when the cron daemon started a job.

  • /var/log/daemon.log: keeps track of running background services but doesn’t represent them graphically.

  • /var/log/btmp: keeps a note of all failed login attempts.

  • /var/log/utmp: current login state by user.

  • /var/log/wtmp: record of each login/logout.

  • /var/log/lastlog: holds every user’s last login. A binary file you can read via lastlog command.

  • /var/log/yum.log: holds data on any package installations that used the yum command. So you can check if all went well.

  • /var/log/httpd/: a directory containing error_log and access_log files of the Apache httpd daemon. Every error that httpd comes across is kept in the error_log file. Think of memory problems and other system-related errors. access_log logs all requests which come in via HTTP.

  • /var/log/mysqld.log or /var/log/mysql.log : MySQL log file that records every  debug, failure and success message, including starting, stopping and restarting of MySQL daemon mysqld. The system decides on the directory. RedHat, CentOS, Fedora, and other RedHat-based systems use /var/log/mariadb/mariadb.log. However, Debian/Ubuntu use /var/log/mysql/error.log directory.

  • /var/log/pureftp.log: monitors for FTP connections using the pureftp process. Find data on every connection, FTP login, and authentication failure here.

  • /var/log/spooler: Usually contains nothing, except rare messages from USENET.

  • /var/log/xferlog: keeps FTP file transfer sessions. Includes info like file names and user-initiated FTP transfers.

-----------