wtmp and auth.log data retention
I'm looking through my wtmp and auth.log files on an Ubuntu 8.04 64-bit server install. The files don't contain much data beyond 60 days. I have looked in /etc/logrotat.d/ files to see if there is a limit set; however, I don't even find any settings specific to these logs.
Can someone tell me what the default data retention is for these logs, where that is stored, and how to change the default? Thanks. |
If no service-specific configuration files exist in /etc/logrotate.d, and they're not in /etc/logrotate.d/system for example, then check /etc/logrotate.conf?
|
Quote:
/var/log/wtmp { missingok monthly create 0664 root utmp rotate 1 } So, if I understand this correctly, the wtmp files should be getting rotated every month; however, because of the "rotate 1" option I will only have one historical log (i.e., wtmp.1) at any given time. Can I remove the "rotate 1" option to keep logs indefinitely? There isn't a great deal of login activity so filling up the drive isn't really a concern. There is also an entry for /var/log/btmp which, as I understand it, is for bad login attempts and has the same settings as utmp. So, I want to remove the "rotate 1" option from it. None of these has anything to do with the auth.log files, so I would still like to know where the settings for those are stored. I don't believe the system has been compromised, but the prior sys admin didn't leave on the best terms and I am wondering if he deleted them or if this is normal system behavior. Thanks. |
Quote:
Quote:
Quote:
Quote:
|
All times are GMT -5. The time now is 10:56 AM. |