Thread: [mod-security-users] MLOGC data clearup
From: Arthur D. <mis...@bl...> - 2010-04-13 09:49:35
Hello all,

I have recently started using the Console which, I believe, requires concurrent logging. In my /etc/mlogc.conf I have "KeepEntries 0" set.

This means that, depending on the number of alerts, a large number of empty directories builds up in the mlogc data directory.

I presume it does no harm to delete these? Is there an approved way to do so? (i.e. is there some tool or configuration setting that will remove them safely once they have done their job?)

I have written a simple little script, intended to be run daily from a cron job, which removes all the directories which start with the previous day's date. Is there a better way?

Thanks for any help or suggestions...

Mark

From: Ivan R. <iva...@gm...> - 2010-04-13 10:22:45
On Tue, Apr 13, 2010 at 10:49 AM, Arthur Dent <mis...@bl...> wrote:
> Hello all,
>
> I have recently started using the Console which, I believe, requires
> concurrent logging. In my /etc/mlogc.conf I have "KeepEntries 0" set.
>
> This means that, depending on the number of alerts, a large number of
> empty directories builds up in the mlogc data directory.
>
> I presume it does no harm to delete these? Is there an approved way to
> do so? (i.e. is there some tool or configuration setting that will
> remove them safely once they have done their job?)
>
> I have written a simple little script, intended to be run daily from a
> cron job, which removes all the directories which start with the
> previous day's date. Is there a better way?

Not at the moment. That's exactly what I would have done.

--
Ivan Ristic
ModSecurity Handbook [http://www.modsecurityhandbook.com]
SSL Labs [https://www.ssllabs.com/ssldb/]

From: Christian B. <ch...@jw...> - 2010-04-13 13:12:54
On 13.04.2010 at 11:49, Arthur Dent wrote:
> Hello all,
>
> I have recently started using the Console which, I believe, requires
> concurrent logging. In my /etc/mlogc.conf I have "KeepEntries 0" set.
>
> This means that, depending on the number of alerts, a large number of
> empty directories builds up in the mlogc data directory.
>
> I presume it does no harm to delete these? Is there an approved way to
> do so? (i.e. is there some tool or configuration setting that will
> remove them safely once they have done their job?)
>
> I have written a simple little script, intended to be run daily from a
> cron job, which removes all the directories which start with the
> previous day's date. Is there a better way?

find is your friend :-)

Perhaps a rather easy way is to run find with "-exec rm -rf {}" from within a cron-job:

    find /var/log/mlogc/data -type d -empty -mtime +2 -exec rm -rf {} \;

This will delete all *empty* directories which have a modification time (creation time) older than 2 days.

Regards,
Chris

From: Arthur D. <mis...@bl...> - 2010-04-13 13:22:53
On Tue, 2010-04-13 at 15:12 +0200, Christian Bockermann wrote:
> On 13.04.2010 at 11:49, Arthur Dent wrote:
>
> > Hello all,
> >
> > I have recently started using the Console which, I believe, requires
> > concurrent logging. In my /etc/mlogc.conf I have "KeepEntries 0" set.
> >
> > This means that, depending on the number of alerts, a large number of
> > empty directories builds up in the mlogc data directory.
> >
> > I presume it does no harm to delete these? Is there an approved way to
> > do so? (i.e. is there some tool or configuration setting that will
> > remove them safely once they have done their job?)
> >
> > I have written a simple little script, intended to be run daily from a
> > cron job, which removes all the directories which start with the
> > previous day's date. Is there a better way?
>
> find is your friend :-)
>
> Perhaps a rather easy way is to run find with "-exec rm -rf {}" from within
> a cron-job:
>
>     find /var/log/mlogc/data -type d -empty -mtime +2 -exec rm -rf {} \;
>
> This will delete all *empty* directories which have a modification time
> (creation time) older than 2 days.

Oooh I like that! Much better than what I had.

I had done this:

    #!/bin/bash
    # Remove yesterday's (now empty) mlogc directories
    DIRGONE=$(date --date="yesterday" +%Y%m%d)
    MLOGCDIR="/var/log/mlogc/data"
    # rmdir only removes empty directories
    rmdir "$MLOGCDIR/$DIRGONE/$DIRGONE"-*
    rmdir "$MLOGCDIR/$DIRGONE"

But yours is better in all sorts of ways.

Thanks!

Mark
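
A cron-safe variant of the cleanup discussed in this thread, as an added example that is not from any poster or from the ModSecurity project: it removes with rmdir instead of rm -rf, so a directory that gains an audit entry between find's -empty test and the removal is left in place, and it never removes the data root itself. The function name prune_empty_dirs and its arguments are assumptions; -mindepth is a GNU/BSD find extension.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of mlogc or ModSecurity).
# Cron usage, with the data path mentioned in the thread:
#   prune_empty_dirs /var/log/mlogc/data 2

# prune_empty_dirs DIR [DAYS]
# Removes empty directories under DIR last modified more than DAYS days ago
# and prints how many were removed.
prune_empty_dirs() {
    data_dir=$1
    min_age_days=${2:-2}

    # Refuse a missing path or a symlink, so cron never prunes
    # somewhere other than the intended data directory.
    if [ -z "$data_dir" ] || [ ! -d "$data_dir" ] || [ -L "$data_dir" ]; then
        echo "prune_empty_dirs: '$data_dir' is not a real directory" >&2
        return 1
    fi

    # Only a plain day count is accepted; "2d" is rejected here instead
    # of being passed on to find.
    case $min_age_days in
        ''|*[!0-9]*)
            echo "prune_empty_dirs: bad age '$min_age_days'" >&2
            return 1 ;;
    esac

    # -mindepth 1 : never consider the data root itself
    # -depth      : visit children before their parent
    # -mtime +N   : last modified more than N days ago
    # rmdir       : refuses a non-empty directory, so an entry written
    #               after the -empty test is not lost
    # -print      : reached only when rmdir succeeded, so the count is exact
    find "$data_dir" -mindepth 1 -depth -type d -empty \
        -mtime +"$min_age_days" -exec rmdir -- {} \; -print |
        wc -l | tr -d ' '
}
```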