[newbie] logrotate question

2004-10-09 Thread Chris
I've set up logrotate to rotate my /var/log/snort/session.log daily and mail 
it to me.  For some reason it's being rotated but the old log isn't 
being mailed; however, I have the same setup for rkhunter that sends me the 
output of rkhunter after it's run as a cron job and before it's compressed.  
Below are my settings:

# system-specific logs may be configured here
/var/log/rkhunter.log {
 daily
 rotate 5
 nocreate
 maillast
 mail [EMAIL PROTECTED]
}

/var/log/snort/session.log {
 daily
 rotate 5
 nocreate
 maillast
 mail [EMAIL PROTECTED]
}

Any ideas?

-- 
Chris
Registered Linux User 283774 http://counter.li.org
11:29am up 5 days, 19:21, 1 user, load average: 0.14, 0.05, 0.01

Honesty is the best policy, but insanity is a better defense.




Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com



Re: [newbie] logrotate question

2004-10-09 Thread mike


Chris wrote:
> I've set up logrotate to rotate my /var/log/snort/session.log daily and mail
> it to me.  For some reason it's being rotated but the old log isn't
> being mailed; however, I have the same setup for rkhunter that sends me the
> output of rkhunter after it's run as a cron job and before it's compressed.
> Below are my settings:
>
> # system-specific logs may be configured here
> /var/log/rkhunter.log {
>  daily
>  rotate 5
>  nocreate
>  maillast
>  mail [EMAIL PROTECTED]
> }
>
> /var/log/snort/session.log {
>  daily
>  rotate 5
>  nocreate
>  maillast
>  mail [EMAIL PROTECTED]
> }
>
> Any ideas?

How long have you been running the snort/session.log rotate?
If rotated 5 times, once daily, it would take 6 days I think till the last
log expires and is mailed? Just a guess.

Mike





Re: [newbie] logrotate question

2004-10-09 Thread Chris
On Saturday 09 October 2004 01:29 pm, mike wrote:
> Chris wrote:
> > I've set up logrotate to rotate my /var/log/snort/session.log daily and
> > mail it to me.  For some reason it's being rotated but the old
> > log isn't being mailed; however, I have the same setup for rkhunter
> > that sends me the output of rkhunter after it's run as a cron job and
> > before it's compressed. Below are my settings:
> >
> > # system-specific logs may be configured here
> > /var/log/rkhunter.log {
> >  daily
> >  rotate 5
> >  nocreate
> >  maillast
> >  mail [EMAIL PROTECTED]
> > }
> >
> > /var/log/snort/session.log {
> >  daily
> >  rotate 5
> >  nocreate
> >  maillast
> >  mail [EMAIL PROTECTED]
> > }
> >
> > Any ideas?
>
> How long have you been running the snort/session.log rotate?
> If rotated 5 times, once daily, it would take 6 days I think till the last
> log expires and is mailed? Just a guess.
>
> Mike

A couple of days now; however, what confuses me is that the raw rkhunter log 
output was mailed to me the first time the log was rotated.  Since it's 
already gone through 5 rotations I'm getting the compressed log mailed to 
me now, which I really don't want.  I've changed the rotate 5 to rotate 
1 on the snort log and will see what happens.

-- 
Chris
Registered Linux User 283774 http://counter.li.org
3:34pm up 5 days, 23:26, 1 user, load average: 0.15, 0.11, 0.04

Remembering is for those who have forgotten.
-- Chinese proverb

Live - From Virgin Radio UK David Bowie - Changes






Re: [newbie] logrotate tool for stout

2004-02-16 Thread David E. Fox
On Wed, 11 Feb 2004 00:04:49 +0100
Søren Neigaard [EMAIL PROTECTED] wrote:

> I have an application where I pipe its stdout into a file, but the file
> grows huge over time. So I was thinking if there is a tool I can pipe
> my

Does the application output grow over a period of time? Are you running
it all the time or periodically, over say a month or so? If so, you
could just add the file to the list of files in the logrotate
configuration (/etc/logrotate).

Logrotate essentially runs once per week (typically) and gzips the log,
creating a new zero-byte log. Other gzipped log files are moved out of
the way, or (ultimately) deleted.

Are there items which you could search for in the file - such as time or
date stamps, and then use selection tools to filter those lines out? 

Ultimately, you could just pipe the stdout of the application through
gzip, and compress its output:

app - | gzip - > output.gz

for instance.


-- 

David E. Fox
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Thanks for letting me change magnetic patterns on your hard disk.



[newbie] logrotate tool for stout

2004-02-10 Thread Søren Neigaard
I'm not 100% sure this is the right place for this question, but I guess
if I were not a newbie, I would know if such a tool exists or not, so
therefore the question here ;)

I have an application where I pipe its stdout into a file, but the file
grows huge over time. So I was thinking if there is a tool I can pipe my
stdout to, and this tool then could rotate my file somehow?

I have searched Google, and found a lot of tools for Apache and syslog,
but nothing that would solve my problem here.

Does such a tool exist?

Best regards
Søren
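
An added example (not part of either post in this thread, and not an existing tool): a POSIX shell function that a program's stdout can be piped into, rotating the output file by size as asked above. The names rotate_stdin, shift_generations and the sample file names are hypothetical.

```shell
#!/bin/sh
# Added example: size-based rotation for a program's stdout.
# rotate_stdin FILE MAX_BYTES KEEP   (KEEP must be 1 or more)
#   Appends stdin to FILE one line at a time. Once FILE holds MAX_BYTES or
#   more, it becomes FILE.1, FILE.1 becomes FILE.2, and so on; the copy
#   that would go past FILE.KEEP is deleted. The body runs in a subshell
#   so the umask and variables do not leak into the caller.
rotate_stdin() (
    file=$1 max=$2 keep=$3
    umask 077            # program output may be sensitive: owner-only files
    LC_ALL=C             # make ${#line} count bytes, not characters
    size=0
    if [ -f "$file" ]; then
        size=$(( $(wc -c < "$file") ))   # resume from the existing size
    fi
    # "|| [ -n ... ]" keeps a final line that has no trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        if [ "$size" -ge "$max" ]; then
            shift_generations "$file" "$keep"
            size=0
        fi
        printf '%s\n' "$line" >> "$file"
        size=$(( size + ${#line} + 1 ))
    done
)

# shift_generations FILE KEEP
#   FILE -> FILE.1 -> ... -> FILE.KEEP, dropping the oldest generation.
shift_generations() (
    file=$1 keep=$2
    rm -f "$file.$keep"
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$(( i - 1 ))
        if [ -f "$file.$prev" ]; then mv "$file.$prev" "$file.$i"; fi
        i=$prev
    done
    mv "$file" "$file.1"
)

# Constructed demo: five 5-byte lines, 10-byte limit, two old generations kept.
demo_dir=$(mktemp -d)
printf 'aaaa\nbbbb\ncccc\ndddd\neeee\n' | rotate_stdin "$demo_dir/app.log" 10 2
ls "$demo_dir"
```

In use the pipeline would look like `app 2>&1 | rotate_stdin /var/log/app/out.log 1048576 5`, where `app` and the path stand in for the real program and log location.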




Re: [newbie] logrotate

2003-10-07 Thread mike
Burrows, Scott wrote:
> Mike,
> Doing the manual thing that is being proposed will certainly work but why do
> it that way when you can use WebMin and get a nice easy interface to work
> with and be concerned about hosing up a text file or use the wrong
> syntax.
> WEBMIN it baby!
>
> I used Webmin to alter my logrotate times last Friday.  Piece of cake.
>
> Scott

Hi Scott,
Yes, Webmin is a great tool but I don't think I can use it in this 
situation (least I don't think I can). It's my firewall/gateway box
and I don't have X installed. A friend of mine did a minimal install
(MDK) on it, used firewall builder (another nice piece of software) 
to set it up. I just ssh into it to do the things I need to do.
Thanks for the tip though.

Mike






Re: [newbie] logrotate

2003-10-04 Thread Sharrea Day
On Fri, 03 Oct 2003 16:27, mike wrote:
> Thanks, Fajar
> I edited the /etc/logrotate.d/syslog to daily instead of weekly.
> Under /etc/cron.daily I have logrotate* so I should be good to
> go.

Mike, JFYI:

the command to force log rotation of /var/log/syslog and /var/log/messages 
would be:

#  logrotate -v -f /etc/logrotate.d/syslog

NOTE:  Using the default logrotate config file for syslog 
(/etc/logrotate.d/syslog) will not only rotate /var/log/syslog and 
/var/log/messages but ALSO rotates a hell of a lot of other logs like 
/var/log/auth.log and /var/log/user.log for example.  Look at the list in 
the config file.

You may want to first create your own config file just for /var/log/syslog 
and /var/log/messages that you can use whenever the need arises.  You could 
just copy /etc/logrotate.d/syslog to /home/user/mysyslog and remove all 
other logs from the list in this file and issue the command:

#  logrotate -v -f /home/user/mysyslog

Sharrea
-- 
Help Microsoft stamp out piracy - give Linux to a friend today



Re: [newbie] logrotate

2003-10-04 Thread mike
Sharrea Day wrote:
> On Fri, 03 Oct 2003 16:27, mike wrote:
> > Thanks, Fajar
> > I edited the /etc/logrotate.d/syslog to daily instead of weekly.
> > Under /etc/cron.daily I have logrotate* so I should be good to
> > go.
>
> Mike, JFYI:
>
> the command to force log rotation of /var/log/syslog and /var/log/messages
> would be:
>
> #  logrotate -v -f /etc/logrotate.d/syslog

I see now, that was my mistake on the command, rotate needed a 
config file to use. I was using rotate -f instead of
rotate -v -f /etc/logrotate.d/syslog

> NOTE:  Using the default logrotate config file for syslog
> (/etc/logrotate.d/syslog) will not only rotate /var/log/syslog and
> /var/log/messages but ALSO rotates a hell of a lot of other logs like
> /var/log/auth.log and /var/log/user.log for example.  Look at the list in
> the config file.

Yes I discovered that after it ran.

> You may want to first create your own config file just for /var/log/syslog
> and /var/log/messages that you can use whenever the need arises.  You could
> just copy /etc/logrotate.d/syslog to /home/user/mysyslog and remove all
> other logs from the list in this file and issue the command:
>
> #  logrotate -v -f /home/user/mysyslog

That is a great idea! I am going to try that, I could use the 
practice learning how the config files work.

> Sharrea

Thank you Sharrea for showing me that. Still trying to get a handle 
on those man pages. :-)

Mike






[newbie] logrotate

2003-10-02 Thread mike
Hello,
I did a (not a very nice thing) to my firewall box and as
a result have created some rather huge log files in
/var/log/messages  and  /var/log/syslog
I would like to manually clean them up if I can
I tried logrotate and with the -f option, but it
displays version and brief help message. I don't believe
I understand the man page too well, any pointers?
I also do not have X installed on it.
Mike





Re: [newbie] logrotate

2003-10-02 Thread Fajar Priyanto

On Friday 03 October 2003 10:31 am, mike wrote:
> I tried logrotate and with the -f option, but it
> displays version and brief help message. I don't believe
> I understand the man page too well, any pointers?
> I also do not have X installed on it.

Hi Mike,
Actually it's all been set up, but /var/log/messages would be rotated on a 
weekly basis, if you want it daily, you can do so by changing:
/etc/logrotate.d/syslog:
{
sharedscripts
rotate 5
weekly - CHANGE THIS INTO DAILY
postrotate
/usr/bin/killall -HUP syslogd #
endscript
}

Make sure that you set your crontab to execute the command (crond.daily, 
logrotate). It's all there should be.

-- 
Fajar http://linux.arinet.org
Linux mdk91.sistek.kom 2.4.21-0.13mdk GNU/Linux
10:55:39 up 3:21, 10 users, load average: 0.11, 0.24, 0.24
Quote of the day:
Win98 is called Win98 because you need 98 MB RAM to install it.


Re: [newbie] logrotate

2003-10-02 Thread mike
Fajar Priyanto wrote:
> On Friday 03 October 2003 10:31 am, mike wrote:
> > I tried logrotate and with the -f option, but it
> > displays version and brief help message. I don't believe
> > I understand the man page too well, any pointers?
> > I also do not have X installed on it.
>
> Hi Mike,
> Actually it's all been set up, but /var/log/messages would be rotated on a
> weekly basis, if you want it daily, you can do so by changing:
> /etc/logrotate.d/syslog:
> {
> sharedscripts
> rotate 5
> weekly - CHANGE THIS INTO DAILY
> postrotate
> /usr/bin/killall -HUP syslogd #
> endscript
> }
>
> Make sure that you set your crontab to execute the command (crond.daily,
> logrotate). It's all there should be.
>
> -- 
> Fajar http://linux.arinet.org
> Linux mdk91.sistek.kom 2.4.21-0.13mdk GNU/Linux
> 10:55:39 up 3:21, 10 users, load average: 0.11, 0.24, 0.24
> Quote of the day:
> Win98 is called Win98 because you need 98 MB RAM to install it.

Thanks, Fajar
I edited the /etc/logrotate.d/syslog to daily instead of weekly.
Under /etc/cron.daily I have logrotate* so I should be good to
go.
Mike






[newbie] logrotate error ??

2002-10-25 Thread Kenn Murrah
when running

 logrotate logrotate.conf

i'm getting an error:

  error:  logrotate.conf:1 unexpected text

the entire  contents of my logrotate.conf file is:

 errors [EMAIL PROTECTED]
 /var/log/squid/access.log {
 rotate 8
 daily
 }

can anyone tell me what i've done wrong?  i've
followed the man pages as closely as possible, but
something ain't right with this ...

thanks in advance,

kenn




[newbie] logrotate doesn't

2002-10-04 Thread Poogle

My log files fill up and I cannot get logrotate to empty them, I have issued 
logrotate -f /var/log/messages (as root) but get a string of errors like this

error: /var/log/messages:20224 unknown option 'Oct' -- ignoring line
error: /var/log/messages:20224 unexpected text
error: /var/log/messages:20225 unknown option 'Oct' -- ignoring line
error: /var/log/messages:20225 unexpected text

my /etc/logrotate.d/syslog looks like this -

snipped the top bit

/var/log/auth.log /var/log/syslog /var/log/user.log /var/log/secure 
/var/log/messages /var/log/boot.log /var/log/mail/errors /var/log/mail/info 
/var/log/mail/warnings /var/log/cron/errors /var/log/cron/info 
/var/log/cron/warnings /var/log/kernel/errors /var/log/kernel/info 
/var/log/kernel/warnings /var/log/lpr/errors /var/log/lpr/info 
/var/log/lpr/warnings /var/log/news/news.err /var/log/news/news.notice 
/var/log/news/news.crit /var/log/daemons/errors /var/log/daemons/info 
/var/log/daemons/warnings /var/log/explanations {
sharedscripts
rotate 1
daily
postrotate
/usr/bin/killall -HUP syslogd #
endscript
}

and my /etc/logrotate.conf looks like this -

# see man logrotate for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own lastlog or wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

/var/log/lastlog {
monthly
rotate 1
}

# system-specific logs may be configured here



}

/var/log/messages {
daily
rotate 1
}


}

/var/log/syslog {
daily
rotate 1
}




-- 
http://www.poogle.co.uk
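
logrotate's argument is a configuration file, so `logrotate -f /var/log/messages` parses the log itself as directives, which is what the errors above show; the logrotate.conf as posted also has `}` lines with no opening block. An added example, not from the thread: a shell function (the name lint_logrotate_braces is hypothetical) that flags unbalanced braces in a config before it is handed to logrotate.

```shell
#!/bin/sh
# Added example: report unbalanced braces in a logrotate config file.
# lint_logrotate_braces FILE
#   Prints "FILE:LINE: message" for each problem and returns 1 if any was
#   found. Comment lines and script bodies (prerotate/postrotate/... up to
#   endscript) are skipped, since braces there are not block delimiters.
#   Assumption: the log file paths themselves contain no '{' or '}'.
lint_logrotate_braces() {
    awk -v f="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        in_script { if (line ~ /^endscript/) in_script = 0; next }
        line ~ /^(prerotate|postrotate|firstaction|lastaction|preremove)([ \t]|$)/ {
            in_script = 1; next
        }
        {
            n = length(line)
            for (i = 1; i <= n; i++) {
                c = substr(line, i, 1)
                if (c == "{") {
                    if (open_at) {
                        print f ":" NR ": block opened inside the block from line " open_at
                        bad = 1
                    }
                    open_at = NR
                } else if (c == "}") {
                    if (!open_at) {
                        print f ":" NR ": closing brace with no open block"
                        bad = 1
                    }
                    open_at = 0
                }
            }
        }
        END {
            if (open_at) { print f ":" open_at ": block is never closed"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample modelled on the logrotate.conf quoted above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/var/log/lastlog {
    monthly
    rotate 1
}
# system-specific logs may be configured here
}
/var/log/messages {
    daily
    rotate 1
}
EOF
lint_logrotate_braces "$sample" || true
```

`logrotate -d /etc/logrotate.conf` runs logrotate's own parse in debug mode, which reports config errors without changing any logs.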






Re: [newbie] Logrotate

2001-04-28 Thread Todd Lyons

Delagarza, Gilbert wrote:

> What in the world is logrotate and why is it taking up so much memory
> and making my drive just run and run and run. I had this issue earlier
> this week where the server was just crawling. I noticed that logrotate
> was active twice taking up huge amounts of memory. I ended up
> rebooting the server to get it to stop. Now it's back again.
> We have Linux Mandrake 7.0

There was a bug in an old version of logrotate that didn't show up until
a config file was populated with just the right configuration entry. 
You have two options:

Easy: download logrotate updated rpm for your version of Mandrake

Manual: 
   /etc/rc.d/init.d/syslog stop
   rm -rf /var/log/mail/*
  # go get a cup of coffee
   rm -rf /var/log/news/*
  # go get a refill of that coffee
   vi /etc/logrotate.d/syslog
   change the lines that say
   /var/log/mail/*
   /var/log/news/*
   to
   /var/log/mail/*log
   /var/log/news/*log
   /etc/rc.d/init.d/syslog start

Good luck!
-- 
tlyons at mandrakesoft dot com
http://www.linux-mandrake.com/en




[newbie] Logrotate

2001-04-27 Thread Delagarza, Gilbert



What in the world is logrotate and why is it taking up so much memory and
making my drive just run and run and run. I had this issue earlier this week
where the server was just crawling. I noticed that logrotate was active twice
taking up huge amounts of memory. I ended up rebooting the server to get it
to stop. Now it's back again.
We have Linux Mandrake 7.0

Gilbert De La Garza 



Re: [newbie] Logrotate

2001-04-27 Thread Paul

> What in the world is logrotate and why is it taking up so much memory and
> making my drive just run and run and run. I had this issue earlier this week
> where the server was just crawling. I noticed that logrotate was active
> twice taking up huge amounts of memory. I ended up rebooting the server to
> get it to stop. Now it's back again.

Logrotate is an automatically started program (system cron) that makes backup copies of
the /var/log/message files and other logfiles. It is run each day.
You can find the start of it in /etc/rc.d/cron.daily (I think... not sure, from my
memory). Remove the script that runs the logrotate and you are free.
Do note that this means that the system logs will never be cleared, so they will get
bigger and bigger. You may want to move the run of the script from daily to weekly, or
run it from the root cron on a moment that you know system load is low.

Paul





Re: [newbie] logrotate process does not stop

2001-01-19 Thread Renato Tognaccini


Paul wrote:
> > Hi, I have the following problem on my Mandrake 7.1 kernel 2.2.15:
> > the process logrotate that reorganizes the system messages directory
> > /var/log
> > and which is daily launched by cron does not stop anymore. So each day a
> > logrotate
> > starts, after 3 days on my computer 3 logrotate processes are running and
> > overload the
> > system. I tried to shutdown the system but the problem appeared again.
>
> Download the updates to logrotate and syslogd (almost correct).
> Those fix the problem. You can find them on rpmfind.net and also on
> the FTP sites for Mandrake.
>
> Paul

Thank you for your help.
However I updated logrotate and syslogd,
but the problem is still present. I also removed all *.tgz files in
/var/log, but no news.
Can you help me?
Bye
Renato

--
Renato Tognaccini,
Dipartimento di Progettazione Aeronautica,
Universita` di Napoli Federico II,
Piazzale V. Tecchio 80,
80125 Napoli, ITALIA.

tel.: +39-0817682179
fax: +39-0817682187
email: [EMAIL PROTECTED]



[newbie] logrotate process does not stop

2001-01-12 Thread Renato Tognaccini


Hi, I have the following problem on my Mandrake 7.1 kernel 2.2.15:
the process logrotate that reorganizes the system messages directory
/var/log
and which is daily launched by cron does not stop anymore. So each
day a logrotate
starts, after 3 days on my computer 3 logrotate processes are running
and overload the
system. I tried to shutdown the system but the problem appeared again.
What should I do?

Thank you
Renato
--
Renato Tognaccini,
Dipartimento di Progettazione Aeronautica,
Universita` di Napoli Federico II,
Piazzale V. Tecchio 80,
80125 Napoli, ITALIA.

tel.: +39-0817682179
fax: +39-0817682187
email: [EMAIL PROTECTED]



Re: [newbie] logrotate process does not stop

2001-01-12 Thread Paul

> Hi, I have the following problem on my Mandrake 7.1 kernel 2.2.15:
> the process logrotate that reorganizes the system messages directory
> /var/log
> and which is daily launched by cron does not stop anymore. So each day a
> logrotate
> starts, after 3 days on my computer 3 logrotate processes are running and
> overload the
> system. I tried to shutdown the system but the problem appeared again.

Download the updates to logrotate and syslogd (almost correct).
Those fix the problem. You can find them on rpmfind.net and also on the FTP sites for
Mandrake.

Paul





RE: [newbie] logrotate process does not stop

2001-01-12 Thread Jose M. Sanchez




-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Renato Tognaccini
Sent: Friday, January 12, 2001 3:15 AM
To: [EMAIL PROTECTED]
Subject: [newbie] logrotate process does not stop

Hi, I have the following problem on my Mandrake 7.1 kernel 2.2.15:
the process logrotate that reorganizes the system messages directory /var/log
and which is daily launched by cron does not stop anymore. So each day a
logrotate starts, after 3 days on my computer 3 logrotate processes are
running and overload the system. I tried to shutdown the system but the
problem appeared again.
What should I do?

[JMS] Eh, edit the logrotate configuration file would be a good start.
-JMS