build:logging
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
build:logging [2005/03/04 09:01] 24.217.122.10 created |
build:logging [2018/05/28 02:10] (current) SLUUG Administration [logrotate.conf] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Logging ====== | ====== Logging ====== | ||
| - | what is logged, to where, reports, and to whom | + | |
| + | What is logged, to where, reports, and to whom. | ||
| ===== Access ===== | ===== Access ===== | ||
| + | |||
| ===== Installation ===== | ===== Installation ===== | ||
| - | ===== Changes ===== | + | Installed as the default Debian logging setup. |
| - | //Please post changes here in the format of: [H4] date|your name [/H4] [CR]description of chages made// | + | |
| - | === Feburary 19 2005 | Install Group === | ||
| - | Initial instalation of default Debian logging. | ||
| + | ==== /etc/klogd/default ==== | ||
| + | |||
| + | Change KLOGD line to read: | ||
| + | <file> | ||
| + | KLOGD="-c 5" | ||
| + | </file> | ||
| + | to turn off console messages for lower priority messages. | ||
| + | |||
| + | Technically, we should be changing the ''kernel.printk'' line in ''/etc/sysctl.conf'' instead, but that has not yet been tested. | ||
| + | |||
| + | |||
| + | ==== logrotate.conf ==== | ||
| + | |||
| + | Edit ''/etc/logrotate.conf'' to change the ''rotate'' option for ''/var/log/wtmp'' from ''1'' to ''25'', and ''/var/log/btmp'' from ''1'' to ''13''. | ||
| + | |||
| + | === Later changes and corrections === | ||
| + | |||
| + | Add option ''dateext'' to change the naming convention of adding | ||
| + | generation numbers ".1", ".2", etc. to the "-yyyymmdd" format. | ||
| + | Also manually rename all existing log files to the new format. | ||
| + | Note this is the default in later releases. | ||
| + | |||
| + | Fix incorrect permissions for the ''/var/log/btmp'' entry | ||
| + | from ''0660'' to ''0600''. | ||
| + | Also chmod existing files to make the same change. | ||
| + | This is a well known bug fixed in later releases, but should be verified. | ||
| + | ==== syslog.conf ==== | ||
| + | |||
| + | Everything at level of info other than kern.info and mail.info goes to /var/log/messages. That was accomplished with: | ||
| + | |||
| + | news.info;daemon.info;\ | ||
| + | auth.info;authpriv.info;\ | ||
| + | cron.info;syslog.info;\ | ||
| + | user.info -/var/log/messages | ||
| + | |||
| + | |||
| + | OLD: | ||
| + | # /etc/syslog.conf Configuration file for syslogd. | ||
| + | # | ||
| + | # For more information see syslog.conf(5) | ||
| + | # manpage. | ||
| + | | ||
| + | # | ||
| + | # First some standard logfiles. Log by facility. | ||
| + | # | ||
| + | | ||
| + | auth,authpriv.* /var/log/auth.log | ||
| + | *.*;auth,authpriv.none -/var/log/syslog | ||
| + | #cron.* /var/log/cron.log | ||
| + | daemon.* -/var/log/daemon.log | ||
| + | kern.* -/var/log/kern.log | ||
| + | lpr.* -/var/log/lpr.log | ||
| + | mail.* -/var/log/mail.log | ||
| + | user.* -/var/log/user.log | ||
| + | uucp.* /var/log/uucp.log | ||
| + | | ||
| + | # | ||
| + | # Logging for the mail system. Split it up so that | ||
| + | # it is easy to write scripts to parse these files. | ||
| + | # | ||
| + | mail.info -/var/log/mail.info | ||
| + | mail.warn -/var/log/mail.warn | ||
| + | mail.err /var/log/mail.err | ||
| + | | ||
| + | # Logging for INN news system | ||
| + | # | ||
| + | news.crit /var/log/news/news.crit | ||
| + | news.err /var/log/news/news.err | ||
| + | news.notice -/var/log/news/news.notice | ||
| + | | ||
| + | # | ||
| + | # Some `catch-all' logfiles. | ||
| + | # | ||
| + | *.=debug;\ | ||
| + | auth,authpriv.none;\ | ||
| + | news.none;mail.none -/var/log/debug | ||
| + | *.=info;*.=notice;*.=warn;\ | ||
| + | auth,authpriv.none;\ | ||
| + | cron,daemon.none;\ | ||
| + | mail,news.none -/var/log/messages | ||
| + | | ||
| + | # | ||
| + | # Emergencies are sent to everybody logged in. | ||
| + | # | ||
| + | *.emerg * | ||
| + | | ||
| + | # | ||
| + | # I like to have messages displayed on the console, but only on a virtual | ||
| + | # console I usually leave idle. | ||
| + | # | ||
| + | #daemon,mail.*;\ | ||
| + | # news.=crit;news.=err;news.=notice;\ | ||
| + | # *.=debug;*.=info;\ | ||
| + | # *.=notice;*.=warn /dev/tty8 | ||
| + | | ||
| + | # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, | ||
| + | # you must invoke `xconsole' with the `-file' option: | ||
| + | # | ||
| + | # $ xconsole -file /dev/xconsole [...] | ||
| + | # | ||
| + | # NOTE: adjust the list below, or you'll go crazy if you have a reasonably | ||
| + | # busy site.. | ||
| + | # | ||
| + | daemon.*;mail.*;\ | ||
| + | news.crit;news.err;news.notice;\ | ||
| + | *.=debug;*.=info;\ | ||
| + | *.=notice;*.=warn |/dev/xconsole | ||
| + | ===== Reporting ===== | ||
| ===== TODO ===== | ===== TODO ===== | ||
| - | ===== Credits ===== | + | * Setup daily system checks such as |
| + | - Root Kit Hunter http://www.rootkit.nl/projects/rootkit_hunter.html | ||
| + | - logwatch http://www2.logwatch.org:81/ | ||
| + | - ckrootkit http://www.chkrootkit.org/ | ||
| + | * Enable tripwire | ||
| + | * Determine what admins are to recieve daily log reports | ||
| + | ===== Credits ===== | ||
build/logging.1109948483.txt.gz · Last modified: 2005/03/04 09:07 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
