Strange log-rotate problem

by Andrew Reid on 2009-08-22T00:09:03+00:00

Hi all --
This is a long shot, but I thought I'd ask here.
I have a multiply-upgraded Debian "etch" box, which is also a log
host (i.e. many other hosts log on it via the UDP port that syslog provides),
and our policies regarding log retention have recently changed.
My problem is that I can't figure out who is rotating /var/log/auth.log.
It's currently being rotated every day, and retained for a week.
I spent a lot of quality time today with the logrotate documentation,
and I'm confident that it's not in any logrotate scripts.
I also checked out the cron-driven log rotation that's done by the
scripts that come with the sysklogd package, and that package seems to
be set up to rotate it weekly -- this may be working, but never getting
the chance, because the daily rotations are colliding with the weekly
effort.
I know that rsyslogd provides logrotate packages, many of my systems
work that way, but this system does not have rsyslogd installed.
There are also some residual syslog-ng scripts, but they don't
appear to be active.
What I *do* know is that whatever is rotating the auth logs is
cron-triggered -- they all have 06:25 time-stamps, suggesting they're
run from /etc/cron.daily somewhere.
But I've looked at all those scripts, and none of them seem to
do it.
Possibly relevant is that this system is very old, and has been
transplanted to new hardware several times -- I think it started out
as Debian "potato", and has been steadily upgraded over the years, so
it could be left-over functionality from some ancient package that's
mucking things up.
So, my specific question is, is there anything *else* besides logrotate
or sysklogd scripts that can do log rotations? Some obscure cron thing
that doesn't show up when I grep for "auth" or "log", because it's doing
some kind of crazy pattern-matching thing?
Thanks in advance...
-- A.
--
Andrew Reid / reidac@bellatlantic.net
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Re: Strange log-rotate problem

by Sven Joachim on 2009-08-22T06:09:30+00:00.
On 2009-08-22 01:08 +0200, Andrew Reid wrote:
> I have a multiply-upgraded Debian "etch" box, which is also a log
> host (i.e. many other hosts log on it via the UDP port that syslog provides),
> and our policies regarding log retention have recently changed.
>
> My problem is that I can't figure out who is rotating /var/log/auth.log.
>
> It's currently being rotated every day, and retained for a week.
>
> I spent a lot of quality time today with the logrotate documentation,
> and I'm confident that it's not in any logrotate scripts.
If you are using sysklogd (the standard syslog daemon in Etch), the
answer is that it uses savelog, not logrotate. See bug #44523¹.
The good news is that in Lenny and later, rsyslog² is the standard
syslog daemon, and it uses logrotate. Of course, upgrading an existing
system will not change your syslog daemon.
There is also an Etch backport of rsyslog, if you would like to use it
without upgrading to Lenny.
¹ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=44523
² http://packages.debian.org/rsyslog
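Added example, not part of the original thread: since the rotation here is done with savelog rather than logrotate, and a cron script need not mention auth.log by name, one way to track down the rotator is to search the cron directories for calls to the rotation tools themselves. The function names, the ROTATORS list, the demo scripts and the `list-log-files` helper are assumptions constructed for this sketch.

```shell
#!/bin/sh
# Added example: list cron-run scripts that call a log-rotation tool.
# ROTATORS is an assumption of this sketch; extend it with site-specific tools.
ROTATORS="savelog logrotate"

# find_rotators PATH...  prints "file: tool: matching line" for every hit.
find_rotators() {
    for path in "$@"; do
        [ -e "$path" ] || continue          # tolerate missing directories
        find "$path" -type f | while IFS= read -r f; do
            for tool in $ROTATORS; do
                # Ignore comment lines, then match the tool as a whole word.
                grep -v '^[[:space:]]*#' "$f" | grep -w -- "$tool" |
                while IFS= read -r line; do
                    printf '%s: %s: %s\n' "$f" "$tool" "$line"
                done
            done
        done
    done
}

# make_demo_tree builds a constructed cron tree (not real system files).
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/cron.daily" "$d/cron.weekly"
    cat > "$d/cron.daily/syslog-demo" <<'EOF'
#!/bin/sh
# rotate whatever the daemon is configured to write
for LOG in $(list-log-files); do   # hypothetical helper, file list not hard-coded
    savelog -c 7 "$LOG" >/dev/null
done
EOF
    cat > "$d/cron.daily/other" <<'EOF'
#!/bin/sh
# logrotate is mentioned only in this comment
echo "nothing to rotate"
EOF
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
find_rotators "$demo/cron.daily" "$demo/cron.weekly"
rm -rf "$demo"
```

On a real host the arguments would be the system's cron locations, for example /etc/cron.d, /etc/cron.daily and /etc/cron.weekly.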

Re: Strange log-rotate problem

by Andrew Reid on 2009-08-22T12:13:10+00:00.
On Saturday 22 August 2009 02:09:09 Sven Joachim wrote:
> On 2009-08-22 01:08 +0200, Andrew Reid wrote:
> > My problem is that I can't figure out who is rotating
> > /var/log/auth.log.
> >
> > It's currently being rotated every day, and retained for a week.
> >
> If you are using sysklogd (the standard syslog daemon in Etch), the
> answer is that it uses savelog, not logrotate. See bug #44523