<html> <head> <meta http-equiv="Content-Language" content="en-gb"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <meta name="GENERATOR" content="Microsoft FrontPage 4.0"> <meta name="ProgId" content="FrontPage.Editor.Document"> <link rel="stylesheet" type="text/css" href="../anlghow.css"> <title>Analog and web server logfile rollovers</title> </head> <body> <h1 align="center"> HOW-TO<br> Rotate <a href="http://www.analog.cx/">Analog</a> and web server logfiles</h1> <p align="center">This HOW-TO written by <a href="mailto:brian@omegadm.co.uk">Brian Clifton</a> with thanks to <font COLOR="#000080"><a href="mailto:kerezman@kgon.com">Karel Kerezman</a></font> <a href="mailto:brian@omegadm.co.uk"><br> </a><i><font size="2">Originally written 2000-06-29. Last update 2002-01-04.</font></i></p> <h2>Purpose</h2> <p>Analog is claimed as the most popular web logfile analyser in the world. (<a href="http://www.analog.cx/survey.html">Details</a>). Whether running multiple virtual hosts or a single root web server, a useful feature is to run Analog and then roll over both the logfile just analysed and the Analog report file. At the same time, the logfile can be compressed and the Analog report e-mailed to yourself or the virtual host client. This can be achieved quite simply using <a href="http://www.linuxnewbie.com/">crontab</a> and <a href="http://www.linuxnewbie.com/">logrotate</a>.</p> <h2>System</h2> <p>This example was developed and tested using a default install of RedHat 6.1 using Apache v1.3.9-8 and Analog v4.11. Also running on RedHat 7.0 using Apache 1.3.14. 
Please note, this is just one example and is not the only method of achieving the same goal!</p>
<h2>Schematic example</h2>
<p>Each week (or any set time period):</p>
<ul>
<li>Analog runs on the selected log file</li>
<li>rotate and compress logfile</li>
<li>rotate Analog report</li>
<li>e-mail report to admin (or any e-mail address)</li>
<li>After 4 weeks (or any number) overwrite files with new ones</li>
</ul>
<p>This results in the following files being created:</p>
<ul>
<li>combined_log.1.gz</li>
<li>combined_log.2.gz</li>
<li>combined_log.3.gz</li>
<li>combined_log.4.gz</li>
<li>combined_log.html.1</li>
<li>combined_log.html.2</li>
<li>combined_log.html.3</li>
<li>combined_log.html.4</li>
</ul>
<p>By this method combined_log.html has no meaning, as upon creation it is immediately rotated. In this example, Apache is using the 'combined' log format described in httpd.conf, e.g.</p>
<blockquote>
<p><font face="Courier" size="2" color="#800000"># The following directives define some format nicknames for use with<br>
# a CustomLog directive (see below).<br>
#<br>
LogFormat "%h %l %u %t \"%r\" %&gt;s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined</font></p>
<p><font color="#800000"><font size="2" face="Courier">&lt;VirtualHost www.adomain.tld&gt;<br>
...<br>
...<br>
</font><font size="2" face="Courier">CustomLog /home/httpd/path_to_home_dir/logs_dir/name_of_log_file combined<br>
&lt;/VirtualHost&gt;</font></font></p>
</blockquote>
<p>&nbsp;</p>
<h2>Method</h2>
<p>Each minute, cron checks the system crontab for jobs that require scheduling.
Scheduling is set in the /etc/crontab file.</p>
<blockquote>
<p><font color="#800000" size="2" face="Courier">SHELL=/bin/bash<br>
PATH=/sbin:/bin:/usr/sbin:/usr/bin<br>
MAILTO=root<br>
HOME=/<br>
<br>
# column headings - thanks Toby<br>
# mins, hr, date, month, day, command<br>
<br>
# run-parts<br>
# Min Hr Date Month Day Owner Command File<br>
01 * * * * root run-parts /etc/cron.hourly<br>
02 4 * * * root run-parts /etc/cron.daily<br>
22 4 * * 0 root run-parts /etc/cron.weekly<br>
42 4 1 * * root run-parts /etc/cron.monthly</font></p>
</blockquote>
<p>The jobs to be run are described in, for example, /etc/cron.weekly. In the above example, the directory /etc/cron.weekly is checked at 04:22 every Sunday morning.</p>
<p>My /etc/cron.weekly directory contains:</p>
<blockquote>
<p><font color="#800000" face="Courier" size="2">logrotate<br>
makewhatis.cron<br>
slocate.cron<br>
tmpwatch</font></p>
</blockquote>
<p>The important file is <b>logrotate:</b></p>
<blockquote>
<p><font color="#800000" face="Courier" size="2">#!/bin/sh<br>
#added by bc 23/5/00 to rotate apache logs<br>
/usr/bin/analog -G +g/home/httpd/path_to_analogue_cfg_file/vdomain.cfg<br>
<br>
/usr/sbin/logrotate /etc/logrotate.conf</font><br>
</p>
</blockquote>
<p>The third line runs Analog for a virtual host. The last line does the rotation.
logrotate.conf contains:</p> <blockquote> <p><font color="#800000" size="2" face="Courier"># see "man logrotate" for details<br> # rotate log files weekly<br> weekly<br> <br> # keep 4 weeks worth of backlogs<br> rotate 4<br> <br> # send errors to root<br> errors your@emailaddress<br> <br> # create new (empty) log files after rotating old ones<br> create<br> <br> # uncomment this if you want your log files compressed<br> #compress<br> <br> # RPM packages drop log rotation information into this directory<br> include /etc/logrotate.d<br> <br> # no packages own lastlog or wtmp -- we'll rotate them here<br> /var/log/wtmp {<br> monthly<br> create 0664 root utmp<br> rotate 1<br> }<br> <br> /var/log/lastlog {<br> monthly<br> rotate 1<br> }<br> <br> # system-specific logs may be configured here<br> # Added by BC 22/5/00<br> <br> # rotate log file:<br> /home/httpd/company-domains.net/logs/combined_log {<br> ifempty<br> copytruncate<br> rotate 4<br> weekly<br> mailfirst <br> #mail your@emailaddress<br> errors your@emailaddress<br> compress<br> postrotate<br> /usr/bin/killall -HUP httpd<br> endscript<br> }<br> <br> # rotate Analog report:<br> /home/httpd/company-domains.net/logs/combined_log.html {<br> ifempty<br> copytruncate<br> rotate 4<br> weekly<br> mailfirst <br> mail your@emailaddress<br> errors your@emailaddress<br> nocompress<br> }</font></p> </blockquote> <p>Note the first part of this file (up to <font color="#800000" size="2" face="Courier"># Added by BC 22/5/00</font>) sets default parameters. Below my comment, parameters over-ride the defaults. 
One caveat of the default parameters is:</p>
<blockquote>
<p><font color="#800000" size="2" face="Courier"># send errors to root<br>
errors your@emailaddress</font></p>
</blockquote>
<p>This does not work, as /etc/crontab has <font color="#800000" size="2" face="Courier">MAILTO=root</font>, which overrides the value set in logrotate.conf.</p>
<p>The part that does the rotating/compressing/e-mailing follows the comment:</p>
<blockquote>
<p><font color="#800000" size="2" face="Courier"># system-specific logs may be configured here<br>
# Added by BC 22/5/00</font></p>
</blockquote>
<p>Read <font color="#800000" size="2" face="Courier">man logrotate</font> for details concerning what options may be useful to you. Another caveat is that the man page appears to indicate the <b>order</b> of the commands is unimportant. For example (RedHat 6.1):</p>
<blockquote>
<p><font color="#800000" size="2" face="Courier">nocompress</font></p>
</blockquote>
<p>for /var/log/news/* appears after <font color="#800000" face="Courier" size="2">endscript</font>. However, changing this to <font color="#800000" size="2" face="Courier">compress</font> will <b>not</b> work. It must come above <font size="2" face="Courier" color="#800000">postrotate</font>.</p>
<hr>
<p><a href="mailto:brian@omegadm.co.uk">Brian Clifton</a><br>
<br><a href="../index.html">Back to index of How-To's</a> </p>
</body>
</html>
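The ordering caveat described in the how-to can be checked mechanically before a configuration goes live. The following is an added example, not part of the original how-to: a small Python check that reports any directive placed after endscript inside a stanza. The function name directives_after_endscript, the sample configuration and its /bin/true script body are constructed for illustration.

```python
SCRIPT_OPENERS = {"prerotate", "postrotate", "firstaction", "lastaction"}

# Constructed sample: the first stanza follows the how-to's layout, the second
# places compress after endscript, the ordering the how-to warns about.
SAMPLE_CONF = """\
weekly

/home/httpd/company-domains.net/logs/combined_log {
    copytruncate
    compress
    postrotate
        /usr/bin/killall -HUP httpd
    endscript
}

/var/log/news/* {
    monthly
    postrotate
        /bin/true
    endscript
    compress
}
"""

def directives_after_endscript(conf_text):
    """Return (stanza, line_no, directive) for options placed after endscript."""
    findings = []
    stanza, in_script, seen_endscript = None, False, False
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if in_script:                      # script body: only look for its end
            if line == "endscript":
                in_script, seen_endscript = False, True
            continue
        if stanza is None:                 # global section: look for "path {"
            if line.endswith("{"):
                stanza, seen_endscript = line[:-1].strip(), False
            continue
        if line == "}":
            stanza = None
        elif line.split()[0] in SCRIPT_OPENERS:
            in_script = True
        elif seen_endscript:               # an option that follows a script block
            findings.append((stanza, line_no, line))
    return findings
```

Run over the sample, the check reports the compress line in the /var/log/news/* stanza and nothing for the combined_log stanza, where compress sits above postrotate.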