build:logging [2005/03/04 09:11] 24.217.122.10 (previous revision)
build:logging [2018/05/28 02:10] (current) SLUUG Administration [logrotate.conf]
====== Logging ====== | ====== Logging ====== | ||
- | what is logged, to where, reports, and to whom | + | |
+ | What is logged, to where, reports, and to whom. | ||
===== Access ===== | ===== Access ===== | ||
+ | |||
===== Installation ===== | ===== Installation ===== | ||
- | ==== syslog.conf ==== | + | Installed as the default Debian logging setup. |
- | # /etc/syslog.conf Configuration file for syslogd. | + | |
- | # | + | |
- | # For more information see syslog.conf(5) | + | |
- | # manpage. | + | |
- | # | ||
- | # First some standard logfiles. Log by facility. | ||
- | # | ||
- | auth,authpriv.* /var/log/auth.log | + | ==== /etc/klogd/default ==== |
- | *.*;auth,authpriv.none -/var/log/syslog | + | |
- | #cron.* /var/log/cron.log | + | |
- | daemon.* -/var/log/daemon.log | + | |
- | kern.* -/var/log/kern.log | + | |
- | lpr.* -/var/log/lpr.log | + | |
- | mail.* -/var/log/mail.log | + | |
- | user.* -/var/log/user.log | + | |
- | uucp.* /var/log/uucp.log | + | |
- | # | + | Change KLOGD line to read: |
- | # Logging for the mail system. Split it up so that | + | <file> |
- | # it is easy to write scripts to parse these files. | + | KLOGD="-c 5" |
- | # | + | </file> |
- | mail.info -/var/log/mail.info | + | to turn off console messages for lower priority messages. |
- | mail.warn -/var/log/mail.warn | + | |
- | mail.err /var/log/mail.err | + | |
- | # Logging for INN news system | + | Technically, we should be changing the ''kernel.printk'' line in ''/etc/sysctl.conf'' instead, but that has not yet been tested. |
- | # | + | |
- | news.crit /var/log/news/news.crit | + | |
- | news.err /var/log/news/news.err | + | |
- | news.notice -/var/log/news/news.notice | + | |
- | # | ||
- | # Some `catch-all' logfiles. | ||
- | # | ||
- | *.=debug;\ | ||
- | auth,authpriv.none;\ | ||
- | news.none;mail.none -/var/log/debug | ||
- | *.=info;*.=notice;*.=warn;\ | ||
- | auth,authpriv.none;\ | ||
- | cron,daemon.none;\ | ||
- | mail,news.none -/var/log/messages | ||
- | # | + | ==== logrotate.conf ==== |
- | # Emergencies are sent to everybody logged in. | + | |
- | # | + | |
- | *.emerg * | + | |
- | # | + | Edit ''/etc/logrotate.conf'' to change the ''rotate'' option for ''/var/log/wtmp'' from ''1'' to ''25'', and ''/var/log/btmp'' from ''1'' to ''13''. |
- | # I like to have messages displayed on the console, but only on a virtual | + | |
- | # console I usually leave idle. | + | |
- | # | + | |
- | #daemon,mail.*;\ | + | |
- | # news.=crit;news.=err;news.=notice;\ | + | |
- | # *.=debug;*.=info;\ | + | |
- | # *.=notice;*.=warn /dev/tty8 | + | |
- | # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, | + | === Later changes and corrections === |
- | # you must invoke `xconsole' with the `-file' option: | + | |
- | # | + | |
- | # $ xconsole -file /dev/xconsole [...] | + | |
- | # | + | |
- | # NOTE: adjust the list below, or you'll go crazy if you have a reasonably | + | |
- | # busy site.. | + | |
- | # | + | |
- | daemon.*;mail.*;\ | + | |
- | news.crit;news.err;news.notice;\ | + | |
- | *.=debug;*.=info;\ | + | |
- | *.=notice;*.=warn |/dev/xconsole | + | |
+ | Add option ''dateext'' to change the naming convention of adding | ||
+ | generation numbers ".1", ".2", etc. to the "-yyyymmdd" format. | ||
+ | Also manually rename all existing log files to the new format. | ||
+ | Note this is the default in later releases. | ||
+ | Fix incorrect permissions for the ''/var/log/btmp'' entry | ||
+ | from ''0660'' to ''0600''. | ||
+ | Also chmod existing files to make the same change. | ||
+ | This is a well known bug fixed in later releases, but should be verified. | ||
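Review bot: the klogd path in the new heading looks transposed and should be checked; on Debian the sysklogd defaults are read from /etc/default/klogd, so a reader who edits /etc/klogd/default literally changes a file nothing reads. `KLOGD="-c 5"` itself is right for the stated goal: it sets the console log level so only kernel messages of priority 0 to 4 (emerg through warning) reach the console, which is the same knob as the first field of `kernel.printk` in /etc/sysctl.conf, so the "not yet tested" alternative is the one to move to. In the logrotate change, `rotate 25` and `rotate 13` mean 25 and 13 months only because Debian's wtmp and btmp stanzas are `monthly`; say so, because anyone who later changes the interval silently changes the retention. The btmp permission fix is the security-relevant part of this block: btmp records failed logins, and users sometimes type a password at the username prompt, so `create 0660 root utmp` lets every member of the utmp group read those strings; the manual chmod should cover the rotated generations (`/var/log/btmp*`), not just the live file. For `dateext`, logrotate keys its state file on the log path, so renaming the existing .1/.2 generations by hand does not confuse it, but the renamed files need the default `-%Y%m%d` suffix or logrotate will not recognise them as generations to expire.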
+ | ==== syslog.conf ==== | ||
- | ===== System Changes ===== | + | Everything at level of info other than kern.info and mail.info goes to /var/log/messages. That was accomplished with: |
- | //Please post changes here in the format of: [H4] date|your name [/H4] [CR]description of chages made// | + | |
+ | news.info;daemon.info;\ | ||
+ | auth.info;authpriv.info;\ | ||
+ | cron.info;syslog.info;\ | ||
+ | user.info -/var/log/messages | ||
+ | |||
+ | |||
+ | OLD: | ||
+ | # /etc/syslog.conf Configuration file for syslogd. | ||
+ | # | ||
+ | # For more information see syslog.conf(5) | ||
+ | # manpage. | ||
+ | |||
+ | # | ||
+ | # First some standard logfiles. Log by facility. | ||
+ | # | ||
+ | |||
+ | auth,authpriv.* /var/log/auth.log | ||
+ | *.*;auth,authpriv.none -/var/log/syslog | ||
+ | #cron.* /var/log/cron.log | ||
+ | daemon.* -/var/log/daemon.log | ||
+ | kern.* -/var/log/kern.log | ||
+ | lpr.* -/var/log/lpr.log | ||
+ | mail.* -/var/log/mail.log | ||
+ | user.* -/var/log/user.log | ||
+ | uucp.* /var/log/uucp.log | ||
+ | |||
+ | # | ||
+ | # Logging for the mail system. Split it up so that | ||
+ | # it is easy to write scripts to parse these files. | ||
+ | # | ||
+ | mail.info -/var/log/mail.info | ||
+ | mail.warn -/var/log/mail.warn | ||
+ | mail.err /var/log/mail.err | ||
+ | |||
+ | # Logging for INN news system | ||
+ | # | ||
+ | news.crit /var/log/news/news.crit | ||
+ | news.err /var/log/news/news.err | ||
+ | news.notice -/var/log/news/news.notice | ||
+ | |||
+ | # | ||
+ | # Some `catch-all' logfiles. | ||
+ | # | ||
+ | *.=debug;\ | ||
+ | auth,authpriv.none;\ | ||
+ | news.none;mail.none -/var/log/debug | ||
+ | *.=info;*.=notice;*.=warn;\ | ||
+ | auth,authpriv.none;\ | ||
+ | cron,daemon.none;\ | ||
+ | mail,news.none -/var/log/messages | ||
+ | |||
+ | # | ||
+ | # Emergencies are sent to everybody logged in. | ||
+ | # | ||
+ | *.emerg * | ||
+ | |||
+ | # | ||
+ | # I like to have messages displayed on the console, but only on a virtual | ||
+ | # console I usually leave idle. | ||
+ | # | ||
+ | #daemon,mail.*;\ | ||
+ | # news.=crit;news.=err;news.=notice;\ | ||
+ | # *.=debug;*.=info;\ | ||
+ | # *.=notice;*.=warn /dev/tty8 | ||
+ | |||
+ | # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, | ||
+ | # you must invoke `xconsole' with the `-file' option: | ||
+ | # | ||
+ | # $ xconsole -file /dev/xconsole [...] | ||
+ | # | ||
+ | # NOTE: adjust the list below, or you'll go crazy if you have a reasonably | ||
+ | # busy site.. | ||
+ | # | ||
+ | daemon.*;mail.*;\ | ||
+ | news.crit;news.err;news.notice;\ | ||
+ | *.=debug;*.=info;\ | ||
+ | *.=notice;*.=warn |/dev/xconsole | ||
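Review bot: the new rule does not do what the sentence above it says. In syslog.conf a selector such as `daemon.info` matches info and every higher priority, not info alone, so this line also sends notice, warning, err and crit records from daemon, auth, authpriv, cron, news, syslog and user to /var/log/messages; the `*.=info;*.=notice;*.=warn` form in the OLD block is the one that selects exact levels. It is also not "everything at level info other than kern.info and mail.info": lpr, uucp, ftp and local0 to local7 are not listed, so their info messages now reach only /var/log/syslog. Two points to weigh before keeping auth.info and authpriv.info in the list: the line is written with the `-` (asynchronous) prefix, whereas the standard `auth,authpriv.* /var/log/auth.log` rule is synchronous precisely so the last records before a crash or power loss are not lost, and /var/log/messages is read by more people and tools than auth.log, so check its mode and group before copying authentication events into it. The OLD block is a useful record, but the page should state whether the rest of that file is still in force alongside the new rule, since the new rule only makes sense as a replacement for the old `*.=info;*.=notice;*.=warn ... -/var/log/messages` entry.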
+ | ===== Reporting ===== | ||
- | === Feburary 19 2005 | Install Group === | ||
- | Initial instalation of default Debian logging. | ||
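Review bot: the removed change log carried the only date on the page (February 19 2005, Install Group), and the replacement sentence under Installation keeps only the fact that the Debian default was used; keep the date there or under the new heading. The new Reporting section is empty, so either fill it with which reports go to which admins (the scope the page states in its first line) or leave the heading out until there is content.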
===== TODO ===== | ===== TODO ===== | ||
- | * Setup daily system checks such as Root Kit Hunter | + | * Setup daily system checks such as |
+ | - Root Kit Hunter http://www.rootkit.nl/projects/rootkit_hunter.html | ||
+ | - logwatch http://www2.logwatch.org:81/ | ||
+ | - ckrootkit http://www.chkrootkit.org/ | ||
+ | |||
* Enable tripwire | * Enable tripwire | ||
* Determine what admins are to recieve daily log reports | * Determine what admins are to recieve daily log reports | ||
- | |||
===== Credits ===== | ===== Credits ===== | ||
+ |
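Review bot: in the TODO list, "ckrootkit" should read "chkrootkit" (the URL itself shows the correct name) and "recieve" in the unchanged line should read "receive". The logwatch link points at a www2 host on port 81, which is worth rechecking against the project's canonical site before anyone relies on it. Ordering matters for these items: rkhunter and chkrootkit compare the host against known-bad signatures, but a tripwire database simply snapshots whatever state the host is in when it is initialised, so run the rootkit checks on a known-clean system first and initialise tripwire right after, otherwise the baseline blesses whatever is already there.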