Sunday, 27 October 2013

syslog and logrotate

- /etc/syslog.conf
  - The syslog daemon logs any notable events on your local system. It can store those logs in a local file or send them to a remote log host for added security.
  - It can also accept logs from other machines when acting as a remote log host.

    *.info;mail.none;news.none;authpriv.none;cron.none   /var/log/messages
    # authpriv logs
    authpriv.*                   /var/log/secure
    # mail logs
    mail.*                       /var/log/maillog
    # cron logs
    cron.*                       /var/log/cron
    # everybody gets emergency messages
    *.emerg                      *
    uucp,news.crit               /var/log/spooler
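To check where a given message ends up under these rules (for example, that authpriv messages are kept out of /var/log/messages), the selector logic can be modelled in a few lines. This is an added example, not part of the original post or of syslogd itself; it assumes sysklogd-style semantics (a priority matches that level and anything more severe, later selectors on a line override earlier ones) and does not handle the `=` and `!` modifiers. The rules are the ones listed above, written in valid selector syntax.

```python
# Added example: sysklogd-style selector matching for the rules on this page.
SEVERITY = {name: n for n, name in enumerate(
    ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"])}
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]

# Sample input: the page's rules, embedded so the script runs offline.
SYSLOG_CONF = """
*.info;mail.none;news.none;authpriv.none;cron.none   /var/log/messages
authpriv.*      /var/log/secure
mail.*          /var/log/maillog
cron.*          /var/log/cron
*.emerg         *
uucp,news.crit  /var/log/spooler
"""

def parse_rule(line):
    """Return (threshold, action); threshold[f] is the least severe level logged, or None."""
    selectors, action = line.split(None, 1)
    threshold = dict.fromkeys(FACILITIES)      # None = facility not logged by this rule
    for sel in selectors.split(";"):           # later selectors override earlier ones
        facs, prio = sel.rsplit(".", 1)
        names = FACILITIES if facs == "*" else facs.split(",")
        level = None if prio == "none" else SEVERITY["debug"] if prio == "*" else SEVERITY[prio]
        for name in names:
            if name not in threshold:          # catches typos such as a misspelled facility
                raise ValueError(f"unknown facility {name!r} in {sel!r}")
            threshold[name] = level
    return threshold, action.strip()

def destinations(facility, priority, conf=SYSLOG_CONF):
    """List the actions (files, or * for all users) that receive facility.priority."""
    hits = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()   # skip comments and blank lines
        if not line:
            continue
        threshold, action = parse_rule(line)
        limit = threshold[facility]
        if limit is not None and SEVERITY[priority] <= limit:
            hits.append(action)
    return hits

if __name__ == "__main__":
    for fac, prio in [("authpriv", "info"), ("daemon", "notice"),
                      ("kern", "emerg"), ("cron", "debug")]:
        print(f"{fac}.{prio:8} -> {destinations(fac, prio)}")
```

A misspelled facility name in a selector makes `parse_rule` raise `ValueError`, which is a quick way to catch typos before reloading the daemon.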
- logrotate.conf
  - logrotate.conf and the files within logrotate.d determine how often your log files are rotated by the logrotate program.
  - logrotate can automatically rotate, compress, remove and mail your log files.
  - Log files can be rotated based on size or on time, such as daily, weekly or monthly.
  - logrotate.conf (directives are lowercase):

    # rotate log files weekly
    weekly
    # keep 4 weeks' worth of backlogs
    rotate 4
    # create new empty log files after rotating old ones
    create
    # compress rotated log files
    compress
    # RPM packages drop log rotation information into this directory
    include /etc/logrotate.d
    # no packages own lastlog or wtmp
    /var/log/wtmp {
        monthly
        create 0664 root utmp
        rotate 1
    }

- Logwatch searches log files for suspicious activity
  - /usr/share/logwatch/
  - /etc/logwatch/conf/logwatch.conf
  - /etc/logwatch/scripts
- Increase the log level from info to debug to aid with troubleshooting

