Keep web log files longer

S

sparek

Verified User
Joined
Jun 27, 2019
Messages
506
I'm sure I'm probably missing something, but I can't seem to find it.

Is there a way to keep Apache domain logs longer than just the current day?

It looks like the nightly tally run is truncating all of the domain logs in /var/log/httpd/domains so the log files are only reporting the current days worth.

I'd prefer to keep a month or two worth of the logs.

Or is tally archiving these logs some where before truncating them?
 
Hmm...

Not really what I'm looking for - maybe what I'm looking for doesn't exist natively in DirectAdmin, so I may need to come up with my own solution.

This would seem to put the burden on the user in maintaining logs (takes up their disk space). While also leading to a potential security "issue" (i.e. they can remove their own logs, so if I'm wanting to track something down from within their logs, and they've deleted their logs, then I'm SOL).

That's OK. I'll see what I can write up to do this the way I want it to work. I just thought there might be some native function in DirectAdmin that does this.
 
If your worried about system log security, setup a rsyslog server.

For web logs the simple method would be to use one of the mentioned links above. If you want web logs also sent off server you may have to make something yourself.

For all the servers I manage I have a central log server which receives a copy of everything that runs though rsyslog, which is also running LibreNMS for monitoring all the servers (SNMP and Agent) (Graphing Exim/Apache/Nginx/MariaDB/Bind/Interfaces/system load/etc...). That way I have alerts if certain events happen, and can keep logs as long as I want, and history of performance. For web logs I am less worried, I have de-duplicated file backups every 6 hours of all important parts of the system (including all logs), only limited by the amount of backup storage. If somehow someone got in I will have record of it.
 
Server Manager - Administrator Settings - Tab Server Settings -> Keep Number of Apache Log Backups
 
sparek said:
(i.e. they can remove their own logs, so if I'm wanting to track something down from within their logs, and they've deleted their logs, then I'm SOL).
.
Click to expand...
How they can remove ?

I trying this in my server.

/home/{USER}/domains/*/logs/
Code: 
rm -f Apr-2022.tar.gz
rm: cannot remove 'Apr-2022.tar.gz': Permission denied
 
Last edited:
jamgames2 said:
How they can remove ?

I trying this in my server.

/home/{USER}/domains/*/logs/
Code: 
rm -f Apr-2022.tar.gz
rm: cannot remove 'Apr-2022.tar.gz': Permission denied
Click to expand...

Not really sure what interface your using here or how you are doing this. Or maybe it's my setup that is extra special.

But files in /home/${USER}/domains/*/logs are owned by ${USER}. The directory /home/${USER}/domains/*/logs is owned by ${USER}. ${USER} can delete files that they own.

Are you logging in as ${USER}? Or are you logging in as some other user on your server? Another user (non-root) won't be able to delete the files - that's true. But ${USER} themselves will be able to.
 
@sparek
it one of my ssh account and log from current login user, it permission "nobody:{USER}" 0644

I don't check directory yet, but files inside directory are "nobody:{USER}" 0644
 
Last edited:
Hmm.

All of my /home/*/domains/*/logs directories and files are owned by their respective user. Not sure who is right and who is wrong here. Maybe there's a configuration option that we differ on.

Anybody else want to chime in with how their logs directory looks?
 
You must log in or register to reply here.
Back
Top