logrotate

regard, lastcomm is more secure than SA. If the system is infiltrated, do not trust the information recorded in lastlog, utmp, and WTM, but do not ignore it because the information may have been modified. Someone may have replaced the WHO program to hide their ears. Generally, process accounting works effectively after suspicious activities are identified. Lastcomm can be used to isolate user activities or execute commands at specific times. 3. Use logrorate to manage audit files /Var/log/utmp,

automatically renamed "Secure.1", and then the new "secure" log is used to save the new log, and so on.(2) Logrotate configuration file (/etc/logrotate.conf) Parameters Description Daily The rotation cycle of the log is daily Weekly The rotation cycle of the journal is weekly Monthly The rotation cycle of the log is monthly Rotate Digital The number o

(server-side settings$Modload imtcp$InputTcpserver Run 514 (Uncomment the two lines#servicersyslog restart#netstat-tuln | grep 514#vi/etc/rsyslog.conf (Client settings* * @@192.168.210:514Check that the log server is set up:#useradd AA (on client)#passwd AA#vi/var/log/secure (View the host name of the event that occurredthird, the log rotation: The old log file moved and renamed, while creating a new blank log file, when the old log file beyond the scope of the save, will be deleted, renamed to

Aliyun I asked a lot of webmaster said very good, whether it is faster or from performance than other hosts better, but Aliyun is expensive so little, the following small set to give you introduce Aliyun server configuration and performance optimization Replace the Aliyun server for a while, compared to my previous virtual host is not a grade. For example, I was in the virtual host was put on the backdoor file, I put the files on the virtual host to the cloud server Shihuiun server immediately

$ModLoad imtcp$InputTCPServerRun 514Restart the Rsyslog service:[Email protected] log]#/etc/init.d/rsyslog restartView Port 514:[Email protected] log]# Netstat-nltup |grep 514TCP 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 13721/rsyslogdTCP 0 0::: 514:::* LISTEN 13721/RSYSLOGD(4) testClientGenerate logs on client[[email protected] log]# logger ' Hello word! '[[email protected] log]# cat/var/log/messages|grep ' Hello word! 'Nov 17:39:20 Zhishutang Root:hello word!ServerClient logs are successfully written t

was successfully output to the/var/log/userlog file.Command logger-it logger_test-p local3.notice the meaning of each option: -I: The process ID is recorded on each line; -T logger_test: Each line of records is labeled "Logger_test"; -P Local3.notice: Sets the log type and priority. Log dump log dumps are also called log back volumes or log rotations. Logs in Linux typically grow quickly, consume a lot of hard disk space, and need to be stored separately when the log file

Today, I changed the logo on the haproxy webpage and changed haproxy to cs2c load balance. Control the files displayed on the webpage in include/common/version. h. Copy the RPM package downloaded from the internet and write a spec file: Code highlighting produced by Actipro CodeHighlighter (freeware)http://www.CodeHighlighter.com/--> Summary: haproxy Load BalanceName: haproxyVersion: 1.4 . 9 Release: 1 License: GPLGROUP: linuxingSource: haproxy - 1.4 . 9 .Tar.gzURL: http: //

Create a logrotate configuration file$ vi/etc/logrotate.d/tomcatAdd the following content:/opt/entermediadb/tomcat/logs/catalina.out { copytruncate daily rotate 7 compress Missingok dateext Size 100m Parameter description:Specify the path to the log file. Copytruncate–creates a copy of the log file and then truncates the original to an empty file so that the service can Kee P on logging uninterrupted.daily–rotates the Catalina.out da

/CONF/nginx. conf/usr/local/nginx/CONF/nginx. conf. bak>/dev/null 2> 1cp/usr/local/nginx/CONF/nginx. conf. pre/usr/local/nginx/CONF/nginx. conf>/dev/null 2> 1cp/usr/local/nginx/CONF/nginx_logrotate/etc/logrotate. d/nginx>/dev/null 2> 1 chmod A + x/etc/logrotate. d/nginx>/dev/null 2> 1 chmod A + x/etc/rc. d/init. d/nginx>/dev/null 2> 1 chkconfig -- add nginxchkconfig nginx on/etc/init. d/nginx start % P

. conf/usr/local/nginx/conf/nginx. conf. bak>/dev/null 2> 1cp/usr/local/nginx/conf/nginx. conf. pre/usr/local/nginx/conf/nginx. conf>/dev/null 2> 1cp/usr/local/nginx/conf/nginx_logrotate/etc/logrotate. d/nginx>/dev/null 2> 1 chmod a + x/etc/logrotate. d/nginx>/dev/null 2> 1 chmod a + x/etc/rc. d/init. d/nginx>/dev/null 2> 1 chkconfig -- add nginxchkconfig nginx on/etc/init. d/nginx start% Preunif ps au

, and (or) E-mail them when appropriate. This tool saves some messy records from the old log files in/var/log. Generally, cron is used to run logrotate every day.Add an appropriate entry to/etc/logrotate. conf to manage your own log files, just like the Management SystemLog files are the same.Note: Stefano Falsetto creates a rottlog, which he thinks is an improved version of

modifying the file access permission allows others to read the logs. Configure the Linux Log File: logs should also be noticed by users. Do not underestimate the importance of log files for network security. Because log files can record various daily events of the system in detail, you can check the causes of errors through log files, or trace the attackers when they are attacked or attacked. Two important roles of logs are review and monitoring. The configured Linux Log is very powerful. For L

program response time should be used $upstream_response_time. Log Auto-segmentation: Using logrotate, first install logrotate, then add a file in/ETC/LOGROTATE.D (note that if Nginx is installed by Apt-get, the step is automatic, All program logs installed via Apt-get will automatically generate Logrotate configuration) configuration similar to logs/ngin

[Root @ localhost ~] # Cat/shell/ttserver/ttserver-clear.sh#! /Bin/bashFind/var/-name ttserver. log | xargs du-m>/shell/ttserver-log-listWhile read lineDoSIZE = $ (echo $ line | awk '{print $1 }')FILENAME = $ (echo $ line | awk '{print $2 }')If [$ SIZE-ge 500]ThenEcho $ FILENAMECp $ {FILENAME }$ {FILENAME}-$ (date + % Y % m % d)Cat/dev/null >$ {FILENAME}FiDone Logrotate[Root @ localhost logrotate. d] # cat

Common logsCommon logs are typically stored in/var/log.Common Log Viewing use: Ls/ll,cat/more/less view; Wtmp,lastlog use last and Lastlog to extract their informationConfiguration Log Newer Ubuntu collects logs using the Rsyslog (Rocket-fast System for log) program Rsyslog configuration file has two:/etc/rsyslog.conf (for configuring the logging Environment) and/etc/rsyslog.d/50-default.conf (for configuring filter conditions) Dump Log With the system running, more and more

serve.4. Rotation of log filesThe rotation of the log file is determined by the Logrotate configuration file, which is in/etc/logrotate.conf and/etc/logrotate.d/.The rotation of the log file is generally a process that begins with the first file messages, and when the rotation requirement is met, the file becomes messages.1 and a newMessages file, when you meet the rotation requirements again, Messages.1 will become messages.2, then messages into Mes

the "dateext" parameter, then the log will use the date as the suffix of the log file, such as "secure-20130603". In this case, the log file name does not overlap, so there is no need to rename the log files, just save the specified number of logs, delete the extra log files.Second: If there is no "dateext" parameter in the configuration file, then the log file needs to be renamed. When the first log rotation occurs, the current "secure" log is automatically renamed "Secure.1" and a new "secure

Article Title: the problem of large Linuxmessages files. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source. Yesterday, I suddenly saw the messages file reached 3.8G on my DHCP server. God, I have never carefully checked its log size and date. Although all my DHCP service logs are recorded in messages, I usually view the last part and the part being recorded. Fo

recorded in firewall. log, but also in/var/log syslog and messages records. This is troublesome because of the large log size. Look at the man of syslog. conf. There is another one! Function. added the syslog and messages definitions in the syslog. conf file! Local7. *. It feels good that syslog no longer records device logs from the syslog and messages files. 5. File size issuesThe maximum size of the syslog log file cannot exceed 2.5 GB. If the maximum size is exceeded, the log file will be s

good to know how to do this manually, this would was unsustainable for larger server environments.Managing Log Rotation Using LogrotateBy default, the Ubuntu sets up their own log rotation plan with logrotate.This program can take parameters and rotate logs when certain criteria is met. We can see what events cause Logrotate to swaps the Apache logs by looking in "/etc/logrotate.d/apache2":sudo nano/etc/logrotate.d/apache2Here, you can see some of th