Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Log file lifetime
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
eivinn
Apprentice
Apprentice


Joined: 10 Jul 2002
Posts: 219
Location: Norway

PostPosted: Fri Dec 13, 2002 8:37 pm    Post subject: Log file lifetime Reply with quote

Hi,

How long back in time is it possible to view logfiles? Are they persistent, or is old data stored someplace other than in /var/log/mail ?

I'm currently testing my antispam mail setup and cannot find more than 4 days back in time in that directory.
Back to top
View user's profile Send private message
mooman
Apprentice
Apprentice


Joined: 06 Nov 2002
Posts: 175
Location: Vancouver, WA

PostPosted: Fri Dec 13, 2002 11:46 pm    Post subject: Reply with quote

Most log files have nightly (or other periodic) cron jobs that rename the most recent log and creates a new one. I don't recall seeing any that did any deleting, but I haven't studied them much under Gentoo...

While you're in build and debug mode, you might comment out some of the housecleaning cron functions and re-enable them when you're "stable" again...
_________________
Linux user off and on since circa 1995
Back to top
View user's profile Send private message
otulp
n00b
n00b


Joined: 22 Apr 2002
Posts: 31
Location: Norway

PostPosted: Sat Dec 14, 2002 1:25 am    Post subject: depends on logger Reply with quote

Hi!

It depends on what syslogger you are using, too. I use metalog, and it performs rotation by itself. If you also use metalog, try looking in '/etc/metalog/metalog.conf'.
Back to top
View user's profile Send private message
eivinn
Apprentice
Apprentice


Joined: 10 Jul 2002
Posts: 219
Location: Norway

PostPosted: Sat Dec 14, 2002 6:17 pm    Post subject: Reply with quote

Could maxfiles be the setting that I would need to change. Seems to be 5 by default. This means 5 mail-log files or?
Back to top
View user's profile Send private message
otulp
n00b
n00b


Joined: 22 Apr 2002
Posts: 31
Location: Norway

PostPosted: Sat Dec 14, 2002 7:54 pm    Post subject: Reply with quote

Yup. That is exactly what it means.

From mine:

Code:

maxsize  = 1000000
maxtime  = 86400
maxfiles = 60


This means the logger will try to keep each day in a separate file (86400s = 24h). Hoewever, if the file exeeds 1 000 000 bytes, it will be rotated earlier. A maximum of 60 log files are kept. In effect: 60 days worth of logging is kept.

Of course, for your logging problem, we are assuming that metalog is in charge of the logging. Just try to set the maxfiles to something sensible, restart (or hup) metalog, and see if more mail log files are kept...
Back to top
View user's profile Send private message
eivinn
Apprentice
Apprentice


Joined: 10 Jul 2002
Posts: 219
Location: Norway

PostPosted: Sun Dec 15, 2002 10:27 am    Post subject: Reply with quote

I am using metalog for sure. I have now set up logging for 60 days as you say. As I'm still in a learning fase (aren't we all) it's better if I'll be able to analyse the log files more further.

If anyone has a good advice on a easy and good network intrusion system I would be glad as well.

Thanks for help! :wink:
Back to top
View user's profile Send private message
rtn
Guru
Guru


Joined: 15 Nov 2002
Posts: 427

PostPosted: Mon Dec 16, 2002 4:54 pm    Post subject: Reply with quote

eivinn wrote:

If anyone has a good advice on a easy and good network intrusion system I would be glad as well.



Check out snort. I'm not sure I'd really classify it as 'easy' but it's
fairly robust and, of course, free. :D

--rtn
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum