Thread: [mod-security-users] Logrotate file for Ubuntu
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-users
|
From: Blason R <bla...@gm...> - 2021-03-11 04:09:43
|
Hi Team,
Somehow my logroate with Ubuntu 20.04 is not working for modsec audit log
and still a single file is being filled with the logs.
Am I doing anything wrong?
more /etc/logrotate.d/modsec_audit
/var/log/modsec_audit.log {
su root root
daily
rotate 7
*size 10M*
missingok
compress
delaycompress
}
I want the files to be rotated every day
ls -larth /var/log/modsec*
-rw-r--r-- 1 root root 887K Mar 10 13:54 /var/log/modsec_audit.log.2.gz
-rw-r--r-- 1 root root 0 Mar 11 00:00 /var/log/modsec_audit.log
-rw-r--r-- 1 root root *36M* Mar 11 08:12 /var/log/modsec_audit.log.1
|
|
From: Ervin H. <ai...@gm...> - 2021-03-11 07:26:41
|
Hi Blason,
On Thu, Mar 11, 2021 at 09:39:15AM +0530, Blason R wrote:
> Hi Team,
>
> Somehow my logroate with Ubuntu 20.04 is not working for modsec audit log
> and still a single file is being filled with the logs.
>
> Am I doing anything wrong?
from the manual of logrotate:
size size
Log files are rotated *only* if they grow bigger than size bytes.
> more /etc/logrotate.d/modsec_audit
> /var/log/modsec_audit.log {
> su root root
> daily
> rotate 7
> *size 10M*
> missingok
> compress
> delaycompress
> }
>
> I want the files to be rotated every day
so it looks like the option "size" overwrites the "daily".
hth,
a.
|
|
From: Christian F. <chr...@ne...> - 2021-03-11 07:37:15
|
On Thu, Mar 11, 2021 at 08:26:22AM +0100, Ervin Hegedüs wrote: > so it looks like the option "size" overwrites the "daily". I was puzzled by that as well... Christian > > hth, > > > a. > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Christian F. <chr...@ne...> - 2021-03-11 07:29:06
|
Hey Blason,
If on Apache, then you need to reload the server config to instruct
the server to open the logfiles anew. I used to do this inside the
curly brackets, IIRC.
Regs,
Christian
On Thu, Mar 11, 2021 at 09:39:15AM +0530, Blason R wrote:
> Hi Team,
>
> Somehow my logroate with Ubuntu 20.04 is not working for modsec audit log
> and still a single file is being filled with the logs.
>
> Am I doing anything wrong?
>
> more /etc/logrotate.d/modsec_audit
> /var/log/modsec_audit.log {
> su root root
> daily
> rotate 7
> *size 10M*
> missingok
> compress
> delaycompress
> }
>
> I want the files to be rotated every day
>
> ls -larth /var/log/modsec*
> -rw-r--r-- 1 root root 887K Mar 10 13:54 /var/log/modsec_audit.log.2.gz
> -rw-r--r-- 1 root root 0 Mar 11 00:00 /var/log/modsec_audit.log
> -rw-r--r-- 1 root root *36M* Mar 11 08:12 /var/log/modsec_audit.log.1
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
|
|
From: Andrew H. <and...@lo...> - 2021-03-11 10:46:19
|
Hi Blason,
You could try using the copytruncate option, which negates the need to
reload Apache by leaving the original log file in place.
As an example, we use the following configuration to rotate audit logs:
/var/log/httpd/modsec_audit*.log {
copytruncate
weekly
rotate 12
size 20M
create 0640 root root
}
Just another idea you could test :)
Thanks,
Andrew
--
Andrew Howe
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
|
|
From: Christian V. <cv...@it...> - 2021-03-11 16:32:08
Attachments:
signature.asc
|
+1
I use this method (copytruncate) and works without issues
Cheers.
Chris.
> On jueves, mar. 11, 2021 at 7:45 a. m., Andrew Howe <and...@lo... (mailto:and...@lo...)> wrote:
> Hi Blason,
>
> You could try using the copytruncate option, which negates the need to
> reload Apache by leaving the original log file in place.
>
> As an example, we use the following configuration to rotate audit logs:
>
> /var/log/httpd/modsec_audit*.log {
> copytruncate
> weekly
> rotate 12
> size 20M
> create 0640 root root
> }
>
> Just another idea you could test :)
>
> Thanks,
> Andrew
>
> --
>
> Andrew Howe
> Loadbalancer.org Ltd.
> www.loadbalancer.org
> +1 888 867 9504 / +44 (0)330 380 1064
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
|
|
From: Blason R <bla...@gm...> - 2021-03-11 17:37:48
|
Thanks guys!!!
On Thu, Mar 11, 2021 at 4:19 PM Andrew Howe <and...@lo...>
wrote:
> Hi Blason,
>
> You could try using the copytruncate option, which negates the need to
> reload Apache by leaving the original log file in place.
>
> As an example, we use the following configuration to rotate audit logs:
>
> /var/log/httpd/modsec_audit*.log {
> copytruncate
> weekly
> rotate 12
> size 20M
> create 0640 root root
> }
>
> Just another idea you could test :)
>
> Thanks,
> Andrew
>
> --
>
> Andrew Howe
> Loadbalancer.org Ltd.
> www.loadbalancer.org
> +1 888 867 9504 / +44 (0)330 380 1064
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
|
Thanks for helping keep SourceForge clean.
X