• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Knute Snortum
  • Junilu Lacar
  • Devaka Cooray
Saloon Keepers:
  • Ganesh Patekar
  • Tim Moores
  • Carey Brown
  • Stephan van Hulst
  • salvin francis
Bartenders:
  • Ron McLeod
  • Frits Walraven
  • Pete Letkeman

Log Rotation does not seem to be working CentOS4.5  RSS feed

 
Ranch Hand
Posts: 280
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey Gang,

Another day, another issue...

for some reason the log file for snort

/var/log/snort/alert

is not getting rotated daily. It is just getting
bigger and bigger. I have taken a look at the
logrotate services and it should be rotating properly.
Anyone have any ideas here? I am attaching the
appropriate logrotate config files below. Let me know if you need more information.

Thanks,

-Jason


============================================
# /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this
directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
============================================


============================================
# /etc/logrotate.d/snort
# $Id$

/var/log/snort/alert /var/log/snort/*log
/var/log/snort/*/alert /var/log/snort/*/*log {
daily
rotate 7
compress
missingok
notifempty
create 0640 snort adm
sharedscripts
postrotate
/etc/init.d/snortd restart 1>/dev/null || true
endscript
}
============================================

Anything I am missing here?
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!