| 1 |
Walter Dnes wrote: |
| 2 |
> On another thread, I had to dive into into /var/log/messages, and I |
| 3 |
> realized that it was not being rotated. It's 32 megabytes+, most of |
| 4 |
> which is iptables reject messages for Facebook trackers. What do I need |
| 5 |
> to do to get log rotation working? |
| 6 |
> |
| 7 |
> /etc/logrotate.conf |
| 8 |
> |
| 9 |
> ######################################################################## |
| 10 |
> |
| 11 |
> # |
| 12 |
> # Default logrotate(8) configuration file for Gentoo Linux. |
| 13 |
> # See "man logrotate" for details. |
| 14 |
> |
| 15 |
> # rotate log files weekly. |
| 16 |
> weekly |
| 17 |
> #daily |
| 18 |
> |
| 19 |
> # keep 4 weeks worth of backlogs. |
| 20 |
> rotate 4 |
| 21 |
> |
| 22 |
> # create new (empty) log files after rotating old ones. |
| 23 |
> create |
| 24 |
> |
| 25 |
> # use date as a suffix of the rotated file. |
| 26 |
> dateext |
| 27 |
> |
| 28 |
> # compress rotated log files. |
| 29 |
> compress |
| 30 |
> |
| 31 |
> notifempty |
| 32 |
> nomail |
| 33 |
> noolddir |
| 34 |
> |
| 35 |
> # packages can drop log rotation information into this directory. |
| 36 |
> include /etc/logrotate.d |
| 37 |
> |
| 38 |
> # no packages own wtmp and btmp -- we'll rotate them here. |
| 39 |
> /var/log/wtmp { |
| 40 |
> monthly |
| 41 |
> create 0664 root utmp |
| 42 |
> minsize 1M |
| 43 |
> rotate 1 |
| 44 |
> } |
| 45 |
> /var/log/btmp { |
| 46 |
> missingok |
| 47 |
> monthly |
| 48 |
> create 0600 root utmp |
| 49 |
> rotate 1 |
| 50 |
> } |
| 51 |
> |
| 52 |
> # system-specific logs may be also be configured here. |
| 53 |
> |
| 54 |
> ######################################################################## |
| 55 |
> |
| 56 |
> /etc/logrotate.d contains... |
| 57 |
> dcron elog-save-summary hibernate-script openrc rsyncd syslog-ng |
| 58 |
> |
| 59 |
> ######################################################################## |
| 60 |
> |
| 61 |
> And maybe either stop logging Facebook, or else log iptables messages |
| 62 |
> to a separate file (how is that done?). The Facebook tracker messages |
| 63 |
> are generated by iptables rules... |
| 64 |
> |
| 65 |
> -A INPUT -s 31.13.24.0/21 -j FECESBOOK |
| 66 |
> -A INPUT -s 31.13.64.0/18 -j FECESBOOK |
| 67 |
> -A INPUT -s 66.220.144.0/20 -j FECESBOOK |
| 68 |
> -A INPUT -s 69.63.176.0/20 -j FECESBOOK |
| 69 |
> -A INPUT -s 69.171.224.0/19 -j FECESBOOK |
| 70 |
> -A INPUT -s 74.119.76.0/22 -j FECESBOOK |
| 71 |
> -A INPUT -s 103.4.96.0/22 -j FECESBOOK |
| 72 |
> -A INPUT -s 173.252.64.0/18 -j FECESBOOK |
| 73 |
> -A INPUT -s 204.15.20.0/22 -j FECESBOOK |
| 74 |
> |
| 75 |
> -A OUTPUT -d 31.13.24.0/21 -j FECESBOOK |
| 76 |
> -A OUTPUT -d 31.13.64.0/18 -j FECESBOOK |
| 77 |
> -A OUTPUT -d 66.220.144.0/20 -j FECESBOOK |
| 78 |
> -A OUTPUT -d 69.63.176.0/20 -j FECESBOOK |
| 79 |
> -A OUTPUT -d 69.171.224.0/19 -j FECESBOOK |
| 80 |
> -A OUTPUT -d 74.119.76.0/22 -j FECESBOOK |
| 81 |
> -A OUTPUT -d 103.4.96.0/22 -j FECESBOOK |
| 82 |
> -A OUTPUT -d 173.252.64.0/18 -j FECESBOOK |
| 83 |
> -A OUTPUT -d 204.15.20.0/22 -j FECESBOOK |
| 84 |
> |
| 85 |
> -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6 |
| 86 |
> -A FECESBOOK -j REJECT --reject-with icmp-port-unreachable |
| 87 |
> |
| 88 |
|
| 89 |
|
| 90 |
I may be missing something but this is what I could find on my system. |
| 91 |
|
| 92 |
|
| 93 |
root@fireball / # cat /etc/cron.daily/logrotate |
| 94 |
#!/bin/sh |
| 95 |
|
| 96 |
/usr/bin/logrotate /etc/logrotate.conf |
| 97 |
EXITVALUE=$? |
| 98 |
if [ $EXITVALUE != 0 ]; then |
| 99 |
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]" |
| 100 |
fi |
| 101 |
exit $EXITVALUE |
| 102 |
root@fireball / # cat /etc/logrotate.d/syslog-ng |
| 103 |
# |
| 104 |
# Syslog-ng logrotate snippet for Gentoo Linux |
| 105 |
# contributed by Michael Sterrett |
| 106 |
# |
| 107 |
|
| 108 |
/var/log/messages { |
| 109 |
delaycompress |
| 110 |
missingok |
| 111 |
sharedscripts |
| 112 |
postrotate |
| 113 |
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true |
| 114 |
endscript |
| 115 |
} |
| 116 |
root@fireball / # |
| 117 |
|
| 118 |
|
| 119 |
Basically, it's two files, that I can find anyway. One is to run it as |
| 120 |
a cron and the other tells it what to rotate. If you duplicate that, it |
| 121 |
should help. Of course, make sure whatever cron you are using is |
| 122 |
running as well. |
| 123 |
|
| 124 |
Hope that helps. |
| 125 |
|
| 126 |
Dale |
| 127 |
|
| 128 |
:-) :-) |
Archives