Walter Dnes wrote:
> On another thread, I had to dive into into /var/log/messages, and I
> realized that it was not being rotated. It's 32 megabytes+, most of
> which is iptables reject messages for Facebook trackers. What do I need
> to do to get log rotation working?
>
> /etc/logrotate.conf
>
> ########################################################################
>
> #
> # Default logrotate(8) configuration file for Gentoo Linux.
> # See "man logrotate" for details.
>
> # rotate log files weekly.
> weekly
> #daily
>
> # keep 4 weeks worth of backlogs.
> rotate 4
>
> # create new (empty) log files after rotating old ones.
> create
>
> # use date as a suffix of the rotated file.
> dateext
>
> # compress rotated log files.
> compress
>
> notifempty
> nomail
> noolddir
>
> # packages can drop log rotation information into this directory.
> include /etc/logrotate.d
>
> # no packages own wtmp and btmp -- we'll rotate them here.
> /var/log/wtmp {
> monthly
> create 0664 root utmp
> minsize 1M
> rotate 1
> }
> /var/log/btmp {
> missingok
> monthly
> create 0600 root utmp
> rotate 1
> }
>
> # system-specific logs may be also be configured here.
>
> ########################################################################
>
> /etc/logrotate.d contains...
> dcron elog-save-summary hibernate-script openrc rsyncd syslog-ng
>
> ########################################################################
>
> And maybe either stop logging Facebook, or else log iptables messages
> to a separate file (how is that done?). The Facebook tracker messages
> are generated by iptables rules...
>
> -A INPUT -s 31.13.24.0/21 -j FECESBOOK
> -A INPUT -s 31.13.64.0/18 -j FECESBOOK
> -A INPUT -s 66.220.144.0/20 -j FECESBOOK
> -A INPUT -s 69.63.176.0/20 -j FECESBOOK
> -A INPUT -s 69.171.224.0/19 -j FECESBOOK
> -A INPUT -s 74.119.76.0/22 -j FECESBOOK
> -A INPUT -s 103.4.96.0/22 -j FECESBOOK
> -A INPUT -s 173.252.64.0/18 -j FECESBOOK
> -A INPUT -s 204.15.20.0/22 -j FECESBOOK
>
> -A OUTPUT -d 31.13.24.0/21 -j FECESBOOK
> -A OUTPUT -d 31.13.64.0/18 -j FECESBOOK
> -A OUTPUT -d 66.220.144.0/20 -j FECESBOOK
> -A OUTPUT -d 69.63.176.0/20 -j FECESBOOK
> -A OUTPUT -d 69.171.224.0/19 -j FECESBOOK
> -A OUTPUT -d 74.119.76.0/22 -j FECESBOOK
> -A OUTPUT -d 103.4.96.0/22 -j FECESBOOK
> -A OUTPUT -d 173.252.64.0/18 -j FECESBOOK
> -A OUTPUT -d 204.15.20.0/22 -j FECESBOOK
>
> -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6
> -A FECESBOOK -j REJECT --reject-with icmp-port-unreachable
>
I may be missing something but this is what I could find on my system.
root@fireball / # cat /etc/cron.daily/logrotate
#!/bin/sh
/usr/bin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit $EXITVALUE
root@fireball / # cat /etc/logrotate.d/syslog-ng
#
# Syslog-ng logrotate snippet for Gentoo Linux
# contributed by Michael Sterrett
#
/var/log/messages {
delaycompress
missingok
sharedscripts
postrotate
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
endscript
}
root@fireball / #
Basically, it's two files, that I can find anyway. One is to run it as
a cron and the other tells it what to rotate. If you duplicate that, it
should help. Of course, make sure whatever cron you are using is
running as well.
Hope that helps.
Dale
:-) :-)
