Last active
June 19, 2017 07:24
PaX/grsec log rotation on production systems [file: `/etc/logrotate.d/grsec`] (Debian)
```
# this: `/etc/logrotate.d/grsec`.
/var/log/messages /var/log/syslog /var/log/kern.log {
    daily
    rotate 14
    missingok
    notifempty
    compress
}
```
PaX/grsecurity adds a whole lot of -- very useful -- output to the kernel ring buffer. this behavior can fill up your `/` or `/var` partition quickly, if not specifically rotated, especially on server machines and instances. you may consider using `logstash`, `splunk` (if you can afford it) or `graylog2` for archiving and analysis of said log-files. forwarding may be done via `systemd` or any `syslog` daemon.

enabling `compress` by default in `/etc/logrotate.conf` is a pretty good idea on production systems, too.

- `journalctl(1)` to inspect the current buffer (systemd journal)
- `zless(1)` to view compressed log-files in `/var/log`

`sudo journalctl -xa -o verbose` will query all available details in the systemd journal

an alternative with clear advantages in multi-machine/instance and cluster environments is using `rsyslog` for all log-files or `systemd`'s journaling capability (which supports import and export as well as networked journaling). similarly, tools like `fluentd` can be useful depending on the environment and further post-processing and archiving.
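
To size the rotation above against the partition it protects, the following added example (not part of the gist) measures what share of a kernel log is grsec/PaX output and gives an uncompressed upper bound for `rotate 14`. It assumes the messages carry a `grsec: ` or `PAX: ` prefix; the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the gist. Sample log lines are constructed.

# grsec_share FILE: print "<grsec/PaX bytes> <total bytes> <percent>".
# Assumes messages carry a "grsec: " or "PAX: " prefix in the syslog line.
grsec_share() {
    awk '
        { total += length($0) + 1 }                  # +1 for the newline
        / (grsec|PAX): / { hit += length($0) + 1 }
        END { printf "%d %d %d\n", hit, total, (total ? int(hit * 100 / total) : 0) }
    ' "$1"
}

# worst_case_bytes DAILY_BYTES ROTATE: uncompressed upper bound on disk use,
# i.e. the live file plus ROTATE kept generations ("compress" only lowers it).
worst_case_bytes() {
    echo $(( $1 * ($2 + 1) ))
}

demo() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
Jun 19 07:20:01 host kernel: [  101.000001] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/example[example:2101] uid/euid:33/33 gid/egid:33/33
Jun 19 07:20:02 host kernel: [  102.000002] PAX: terminating task: /usr/bin/example(example):2102, uid/euid: 1000/1000
Jun 19 07:20:03 host kernel: [  103.000003] EXT4-fs (sda1): mounted filesystem with ordered data mode
EOF
    set -- $(grsec_share "$sample")
    echo "grsec/PaX: $1 of $2 bytes ($3%)"
    echo "upper bound for 'rotate 14' at this daily volume: $(worst_case_bytes "$2" 14) bytes"
    rm -f "$sample"
}
demo
```

Run `grsec_share` on one full day of `/var/log/kern.log` and compare the `worst_case_bytes` result with the free space reported by `df -P /var/log`.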