Quote:
Originally Posted by unSpawn
If no service-specific configuration files exist in /etc/logrotate.d, and they're not in /etc/logrotate.d/system for example, then check /etc/logrotate.conf?
|
I found an entry in /etc/logrotate.conf as you suggested. It says:
/var/log/wtmp {
missingok
monthly
create 0664 root utmp
rotate 1
}
So, if I understand this correctly, the wtmp files should be getting rotated every month; however, because of the "rotate 1" option I will only have one historical log (i.e., wtmp.1) at any given time.
Can I remove the "rotate 1" option to keep logs indefinitely? There isn't a great deal of login activity so filling up the drive isn't really a concern.
There is also an entry for /var/log/btmp which, as I understand it, is for bad login attempts and has the same settings as utmp. So, I want to remove the "rotate 1" option from it.
None of these has anything to do with the auth.log files, so I would still like to know where the settings for those are stored. I don't believe the system has been compromised, but the prior sys admin didn't leave on the best terms and I am wondering if he deleted them or if this is normal system behavior.
Thanks.