| View previous topic :: View next topic |
| Author |
Message |
eivinn
Apprentice
Joined: 10 Jul 2002
Posts: 219
Location: Norway
|
 Posted: Fri Dec 13, 2002 8:37 pm Post subject: Log file lifetime |
 |
|
Hi,
How long back in time is it possible to view logfiles? Are they persistent, or is old data stored someplace other than in /var/log/mail ?
I'm currently testing my antispam mail setup and cannot find more than 4 days back in time in that directory. |
|
| Back to top |
|
 |
mooman
Apprentice
Joined: 06 Nov 2002
Posts: 175
Location: Vancouver, WA
|
| Posted: Fri Dec 13, 2002 11:46 pm Post subject: |
|
|
Most log files have nightly (or other periodic) cron jobs that rename the most recent log and creates a new one. I don't recall seeing any that did any deleting, but I haven't studied them much under Gentoo...
While you're in build and debug mode, you might comment out some of the housecleaning cron functions and re-enable them when you're "stable" again...
_________________
Linux user off and on since circa 1995 |
|
| Back to top |
|
|
otulp
n00b
Joined: 22 Apr 2002
Posts: 31
Location: Norway
|
| Posted: Sat Dec 14, 2002 1:25 am Post subject: depends on logger |
|
|
Hi!
It depends on what syslogger you are using, too. I use metalog, and it performs rotation by itself. If you also use metalog, try looking in '/etc/metalog/metalog.conf'. |
|
| Back to top |
|
|
eivinn
Apprentice
Joined: 10 Jul 2002
Posts: 219
Location: Norway
|
| Posted: Sat Dec 14, 2002 6:17 pm Post subject: |
|
|
| Could maxfiles be the setting that I would need to change. Seems to be 5 by default. This means 5 mail-log files or? |
|
| Back to top |
|
|
otulp
n00b
Joined: 22 Apr 2002
Posts: 31
Location: Norway
|
| Posted: Sat Dec 14, 2002 7:54 pm Post subject: |
|
|
Yup. That is exactly what it means.
From mine:
| Code: |
maxsize = 1000000
maxtime = 86400
maxfiles = 60
|
This means the logger will try to keep each day in a separate file (86400s = 24h). Hoewever, if the file exeeds 1 000 000 bytes, it will be rotated earlier. A maximum of 60 log files are kept. In effect: 60 days worth of logging is kept.
Of course, for your logging problem, we are assuming that metalog is in charge of the logging. Just try to set the maxfiles to something sensible, restart (or hup) metalog, and see if more mail log files are kept... |
|
| Back to top |
|
|
eivinn
Apprentice
Joined: 10 Jul 2002
Posts: 219
Location: Norway
|
| Posted: Sun Dec 15, 2002 10:27 am Post subject: |
|
|
I am using metalog for sure. I have now set up logging for 60 days as you say. As I'm still in a learning fase (aren't we all) it's better if I'll be able to analyse the log files more further.
If anyone has a good advice on a easy and good network intrusion system I would be glad as well.
Thanks for help!  |
|
| Back to top |
|
|
rtn
Guru
Joined: 15 Nov 2002
Posts: 427
|
| Posted: Mon Dec 16, 2002 4:54 pm Post subject: |
|
|
| eivinn wrote: |
If anyone has a good advice on a easy and good network intrusion system I would be glad as well.
|
Check out snort. I'm not sure I'd really classify it as 'easy' but it's
fairly robust and, of course, free. 
--rtn |
|
| Back to top |
|
|
|
Networking & Security
