PaX/grsec log rotation on production systems [file: `/etc/logrotate.d/grsec`] (Debian)

grsec

# this: `/etc/logrotate.d/grsec`.
/var/log/messages /var/log/syslog /var/log/kern.log {
    daily
    rotate 14
    missingok
    notifempty
    compress
}

PaX/grsecurity adds a whole lot of -- very useful -- output to the kernel ring buffer. this behavior can fill up your / or /var partition quickly, if not specifically rotated, especially on server machines and instances. you may consider using logstash, splunk (if you can afford it) or greylog2 for archiving and analysis of said log-files. forwarding may be done via systemd or any syslog daemon.

enabling compress by default in /etc/logrotate.conf is a pretty good idea on production systems, too.

• use journalctl(1) to inspect the current buffer (systemd journal)
• use zless(1) to view compressed log-files in /var/log
• sudo journalctl -xa -o verbose will query all available details in the systemd journal

an alternative with clear advantages in multi-machine/instance and cluster environments is using rsyslog for all log-files or systemd's journaling capability (which supports import and export as well as networked journaling). similarly; tools like fluentd can be useful depending on the environment and further post-processing and archiving.