LinuxQuestions.org
Old 06-29-2006, 12:45 PM   #1
tjainsworth
LQ Newbie
 
Registered: Jun 2006
Posts: 3

Rep: Reputation: 0
archiving rotated log files


I have to archive the /var/log/messages and /var/log/secure files for five (5) years. I have come up with a naming convention <date>_<hostname>_<original filename> that I am currently using on another OS (OpenVMS). I have been diving into cron - syslog - logrotate - bla bla bla. But I have not come across a security savvy method to move the "rotated" files. If the system cron kicks off at 00:00:00, the current log file gets rotated to *.1 - I understand that. But, I do not want to move/rename the log file until the responsible process is "entirely" finished completing the rotate. I have tried to figure out how to do this without having unaccounted seconds in the system. Seems very easy in theory, but getting down in the nuts and bolts is not as intuitive as the man pages convey.

I have a script that is kicked off in the "root" cron that NFS mounts my target directory - copies/moves the file with a rename appending the name as mentioned above, but I would like to modify the logrotate mechanism to do this "cleanly"...cannot miss a beat...

...hope this makes sense...

...thanks in advance...

...learning the hard way...
 
Old 06-30-2006, 10:20 AM   #2
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
OK, turning the problem around on its head, what about running the archive directly before cron does the rotate, so the archive is archiving the previous day's logs?
 
Old 07-05-2006, 08:41 AM   #3
tjainsworth
LQ Newbie
 
Registered: Jun 2006
Posts: 3

Original Poster
Rep: Reputation: 0
Well - I thought of that initially - but there is no guarantee that all entries are included in the file/log. Maybe I am off here - but if I kick off say a cron job that performs a copy at 00:00:00 of /var/log/messages, then the log gets renamed at the same time or one second after to /var/log/messages.1, there are a few smidgens of a second that could be unaccounted for - so I thought I would wait until the SYSTEM cron renamed it, then after the fact copy/rename the file off to a remote server. Maybe I am paranoid, but the security folks at my customer sites are very particular. And the more I pondered, I thought it would be the cleanest to piggy-back right on the Linux logging schema and have it do the work for me...not exactly intuitive though...

...please correct me if I am off...
 
Old 07-10-2006, 04:53 AM   #4
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
OK....would it be an option to set up logrotate so that instead of it rotating to .1 in the log directory itself, it rotates to the appropriate destination directory directly? Would that help?
 
Old 07-12-2006, 02:00 PM   #5
tjainsworth
LQ Newbie
 
Registered: Jun 2006
Posts: 3

Original Poster
Rep: Reputation: 0
I agree - that to me would be the cleanest - - - now - - - anyone for the syntax and where to put it? Not very intuitive!

thanx!
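
One way to hook the archive step into logrotate itself, as the thread's last posts suggest; this is an added example, not code from any poster. The script path `/usr/local/sbin/archive-rotated`, the mount point `/mnt/logarchive`, the stanza in the comments and the sysklogd pid file location are assumptions, and the stanza assumes no `compress` or `dateext`, so the rotated file is `*.1`.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical install path:
#   /usr/local/sbin/archive-rotated
# Constructed logrotate stanza that calls it (assumes sysklogd's pid file and
# an archive directory mounted at /mnt/logarchive):
#
#   /var/log/messages /var/log/secure {
#       daily
#       rotate 7
#       sharedscripts
#       postrotate
#           /bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true
#       endscript
#       lastaction
#           for f in /var/log/messages.1 /var/log/secure.1; do
#               /usr/local/sbin/archive-rotated "$f" /mnt/logarchive
#           done
#       endscript
#   }
#
# lastaction runs once, after every log in the stanza has been renamed and
# postrotate has signalled syslogd, so the hook never races the rotation.

archive_rotated() {
    src=$1
    destdir=$2
    if [ ! -f "$src" ]; then echo "missing: $src" >&2; return 1; fi
    if [ ! -d "$destdir" ]; then echo "no archive dir: $destdir" >&2; return 1; fi
    # <date>_<hostname>_<original filename>; the date is the archiving day
    base=$(basename "$src")
    dest="$destdir/$(date +%Y%m%d)_$(uname -n)_${base%.1}"
    if [ -e "$dest" ]; then echo "refusing to overwrite $dest" >&2; return 1; fi
    # copy under a temporary name, verify byte for byte, then publish
    cp "$src" "$dest.part" || return 1
    if ! cmp -s "$src" "$dest.part"; then rm -f "$dest.part"; return 1; fi
    chmod 0440 "$dest.part" || return 1
    mv "$dest.part" "$dest" || return 1
    printf '%s\n' "$dest"
}

# When run as the hook: archive-rotated <rotated file> <archive dir>
if [ "$#" -ge 2 ]; then archive_rotated "$1" "$2"; fi
```

The `-d` test only proves the directory exists; if the NFS share is not mounted the copy lands on local disk, so mount it before the hook runs. A failed `cmp` leaves `*.1` in place and returns non-zero, so the copy can be retried while logrotate still holds the rotated file.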
 
  

