Linux Today: Linux News On Internet Time.

More on LinuxToday

Linux Journal: Linux's Tell-Tale Heart, Part 3

Jul 16, 2000, 19:55 (0 Talkback[s])
(Other stories by Marcel Gagné)


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

"Trimming Monster Logs and Advanced Cracker Detection."

"Welcome back, everyone, to the SysAdmin's Corner. It is time once again to delve deep into the soul of your Linux system, to grasp its subtle mysteries, and to maybe, just maybe, catch a cracker before he does damage."

"Log files can get pretty large. An active server is a talkative one, and talk from your Linux system means log entries. Lots of log entries. Over the years, I've seen log files grow unchecked until the system crashes for lack of disk space. Sure, now that we all have 40GB drives on our PCs, it's not as bad, but a mess is a mess and needs cleaning from time to time. I've made jokes about the old days where, without the logrotate command, I had to trim my own log files and walk 14 miles to school (uphill, both directions). Well, the logfile trimming part is true, and somewhere along the way, it occurred to me that not everybody has logrotate on their system."

"In case you don't know, logrotate is a nifty little utility written by Erik Troan that takes care of all this ugly business of archiving logs and recreating them. If you are running Red Hat, you almost certainly have logrotate running. In fact, you should see an entry for it in your /etc/cron.daily directory. This is a simple script that calls logrotate with the default configuration, at /etc/logrotate.conf. Another giveaway is the presence of files in your /var/log directory with .1, .2, .3 and .4 extensions. Before I get into the gory details of log rotation, I should probably tell you that the times for execution of your cron.daily, cron.weekly and cron.some_time files can be found in /etc/crontab. This is just a text file, and you can view it with cat /etc/crontab."

Complete Story

Related Stories: