Change logrotation on domainlogs in /var/log

Richard G

Seems that the logrotate setting in the directadmin.conf is only taking care of the logs in the user homedirs:
/home/<username>/domains/<domain>/logs/

But the system's userdomain logs are truncated every night:
/var/log/httpd/domains/domain*.log

It happens more often, by adware, exploits or bruteforcing, that hackers get access to the users' home directories via FTP or via their DA login.
In that case, they can delete the logs in the homedir.

However, it sometimes contains vital information about the cause of the hack, changed files and some stuff which would not be found in the main httpd.log.
They -are- present in /var/log/httpd/domains/domain*.log but those get truncated daily.

So that is why I would like to suggest to make an option in DA, which creates an option to save those logs for x days, same way it works for the homedir logs.
 
Hello,

They're saved for "x" days, as specified in the setting in:
/home/user/domains/domain.com/logs/*.gz

They're rotated daily as webalizer prefers not to work on live logs.

John
 
More to that, you can add:
Code:
rotation=0
in your directadmin.conf, and this will stop rotation of the logs. It would then be up to you to rotate them as per your requirements.

John
 
Yes, correct, but the suggestion is not to turn rotation off, but to make a rotation option in which they also can be rotated daily, but saved for x days in /var/log/httpd/domains/domain*.log, which is a place where neither a user, nor a hacker who hacked the user account, can delete the logfiles.

At /home/user/domains/logs both a hacker and a user can delete the files.
If that happens, try to find something back about what happened.

That's why I made the suggestion. :)

If I put rotation to an end, all logs, including those in the homedirs will be stopped rotating, that is not the intention.

Of course I could put the rotation off and make something myself.
But it would be nicer if DA got a bit more secure by adding a x day tar.gz option for the logs in /var/log/httpd/domains instead of truncating them, correct?
They don't need to contain 5 days in 1 gzip file, just 1 day in 1 gzip file is enough and then the possibility to keep those for x days.
Seems to me changing truncating to gzipping is just a little adjustment for DA, isn't it?
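
One way to get what this post asks for without changing DirectAdmin (an added example, not part of the thread and not DirectAdmin code): a shell function, run as root, that writes one gzip per domain log per day into a root-only directory and prunes copies older than x days. The archive directory name and running it from root's cron ahead of the nightly truncation are assumptions.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. Assumptions: it runs as root before the
# nightly truncation, and the archive directory name below is hypothetical.
#
# usage: archive_domain_logs SRC_DIR ARCHIVE_DIR KEEP_DAYS
#   e.g. archive_domain_logs /var/log/httpd/domains /var/log/httpd/domains-archive 14
# Prints the number of logs archived. The body runs in a subshell "( ... )"
# so umask and variables do not leak into the caller.
archive_domain_logs() (
    src=$1
    dest=$2
    keep_days=$3                      # the "x days" from the thread
    stamp=$(date +%Y-%m-%d)

    umask 077                         # archives readable by root only
    mkdir -p "$dest" || exit 1
    chmod 700 "$dest"

    count=0
    for log in "$src"/*.log; do
        [ -f "$log" ] || continue     # glob matched nothing, or not a file
        [ -L "$log" ] && continue     # do not follow symlinks
        [ -s "$log" ] || continue     # nothing to keep from an empty log
        out="$dest/$(basename "$log").$stamp.gz"
        # Compress to a temp name first so a failed run leaves no partial .gz.
        if gzip -c "$log" > "$out.tmp"; then
            mv -f "$out.tmp" "$out"
            count=$((count + 1))
        else
            rm -f "$out.tmp"
        fi
    done

    # One file per domain per day; drop copies older than keep_days.
    find "$dest" -maxdepth 1 -type f -name '*.gz' \
        -mtime +"$keep_days" -exec rm -f {} +
    echo "$count"
)
```

Because the copies live outside /home and are owned by root, a compromised user account or FTP login cannot remove them.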
 
I don't get, why do you do cross-posting? It's quite clear, it's up to you, how long do you want Directadmin to keep logs. You can make DA to keep them even a month. I'm not sure, that your users will be glad in that case, to know why they have so little free disk space.

I tried myself as a user to delete logs via SSH/FTP/Directadmin, that failed. Will you and anybody else confirm that a user can delete rotated logs or a directory with them?

If it's possible in your case, perhaps, it's an issue of broken rights. With default rights, as far, as I'm concerned, that's impossible.
 
How do you mean crossposting? I don't see any crossposting.
The first post in the other section is a question, the other one here is a suggestion for a feature, those are quite different things.
And the /var/log/httpd/domains is a much safer place to keep logs.
We can do anything ourselves, but if nobody makes a suggestion for a feature, no things will change to make life easier and/or the server better, correct?

I will reply to the rest in the other thread, because this is the suggestion section.
Discussing a problem would be off-topic here.
 
I would like to abort this suggestion as it is not necessary.

Reason: Seems that the possibility of deleting the logs is caused by wrong ownership of the log directories.
I don't know how they became the wrong owner, but since then the logs can't be deleted by the user anymore, this suggestion is not needed anymore.

Please close it or discard it.
Sorry for the inconvenience.
 
It would be nice if John shed some light on the situation: what owner rights for the logs dir are default in the case of Directadmin.
 