Welcome to Centmin Mod Community
Register Now

Sysadmin Disable log rotate?

Discussion in 'System Administration' started by arlon, Jan 27, 2018.

  1. arlon

    arlon Member

    88
    6
    8
    Feb 20, 2016
    Ratings:
    +12
    Local Time:
    11:43 PM
    1.13.6
    10.1
    this is regarding my previous thread about log PHP-FPM - php error not written on php error log file

    is it possible to disable log rotate? because php, php-fpm, nginx, mysql use daily log rotate
    log will be compressed to a gz file, so i must un gz file to check log

    can i change log rotate to monthly or yearly or make it on one file only? so i can check my log fates.. because my website is small and its not much log created,


    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 6 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.12.2
    • PHP Version Installed: 5.6.33
    • MariaDB MySQL Version Installed: 10.1.21
    • When was last time updated Centmin Mod code base ? : today
    • Persistent Config: Do you have any persistent config file options set in /etc/centminmod/custom_config.inc ? no

      cat /etc/centminmod/custom_config.inc


      Post output in CODE tags.

     
  2. eva2000

    eva2000 Administrator Staff Member

    32,303
    7,172
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,906
    Local Time:
    2:43 AM
    Nginx 1.13.x
    MariaDB 5.5
    not advisable to disable log rotation as log size can get out of control. Standard method is not to unzip/uncompress logs but to use the appropriate commands like zcat/zgrep, xzcat/xzgrep and bzcat/bzgrep to manipulate and view compressed logs for .gz, .xz and .bz2 compressed files respectively

    Code (Text):
    rpm -ql gzip xz bzip2 | egrep 'bin\/z[cat,grep]|bin\/xz[cat,grep]|bin\/bz[cat,grep]'
    /usr/bin/zcat
    /usr/bin/zcmp
    /usr/bin/zegrep
    /usr/bin/zgrep
    /usr/bin/xzcat
    /usr/bin/xzcmp
    /usr/bin/xzegrep
    /usr/bin/xzgrep
    /usr/bin/bzcat
    /usr/bin/bzcmp
    /usr/bin/bzgrep
    


    so instead of
    Code (Text):
    cat /path/to/logname.log
    grep 'keyword' /path/to/logname.log
    

    for gzip compressed and rotated logs i.e. logname.log.gz would be
    Code (Text):
    zcat /path/to/logname.log.gz
    zgrep 'keyword' /path/to/logname.log.gz
    


    example tail the last 5 lines of compressed csf firewall lfd log
    Code (Text):
    zcat /var/log/lfd.log-20180122.gz | tail -5 | sed -e "s|$(hostname -s)|hostname|g"
    Jan 22 00:45:03 hostname lfd[30008]: IPSET: switching set new_BDESTRONGIPS to bl_BDESTRONGIPS
    Jan 22 00:45:03 hostname lfd[30008]: IPSET: loading set new_6_BDESTRONGIPS with 0 entries
    Jan 22 00:45:03 hostname lfd[30008]: IPSET: switching set new_6_BDESTRONGIPS to bl_6_BDESTRONGIPS
    Jan 22 02:10:24 hostname lfd[14455]: (sshd) Failed SSH login from 54.37.42.23 (FR/France/ip23.ip-54-37-42.eu): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
    Jan 22 02:41:27 hostname lfd[20299]: (sshd) Failed SSH login from 111.231.239.220 (CN/China/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
    

    or zgrep filter for SSH failed logins in csf firewall lfd compressed log
    Code (Text):
    zgrep 'Failed SSH login' /var/log/lfd.log-20180122.gz | tail -5 | sed -e "s|$(hostname -s)|hostname|g"   
    Jan 21 22:00:56 hostname lfd[23639]: (sshd) Failed SSH login from 95.128.45.223 (GB/United Kingdom/95-128-45-223.aquaray.com): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
    Jan 21 22:23:36 hostname lfd[27895]: (sshd) Failed SSH login from 27.72.61.42 (VN/Vietnam/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
    Jan 21 23:15:56 hostname lfd[9140]: (sshd) Failed SSH login from 91.121.89.222 (FR/France/ovh.perriot.fr): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
    Jan 22 02:10:24 hostname lfd[14455]: (sshd) Failed SSH login from 54.37.42.23 (FR/France/ip23.ip-54-37-42.eu): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
    Jan 22 02:41:27 hostname lfd[20299]: (sshd) Failed SSH login from 111.231.239.220 (CN/China/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
    
     
    • Like Like x 1