Fedora Linux

 2 404 responses
POST /garethjones/photos/--WEBBOT-SELF-- HTTP/1.0 with response code(s)
 1 404 responses
GET http://bluesky.fedorabook.com/foo HTTP/1.1 with response code(s)
 1 404 responses
---------------------- httpd End -------------------------
--------------------- SSHD Begin ------------------------
Users logging in through sshd:
 chris:
  172.16.97.2: 3 times
--------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/main-root 9.5G 2.9G 6.1G 33% /
/dev/hda1 99M 9.7M 84M 11% /boot
/dev/mapper/main-home 4.9G 24M 4.7G 1% /home
---------------------- Disk Space End -------------------------
###################### LogWatch End #########################

This report will vary according to the services you have installed, but it provides a simple, easy-to-scan summary of log entries that may warrant attention. It also provides a summary of free disk space; if you methodically review these email messages, you won't be caught unaware when your storage needs start to inch upward.

8.7.1.6. Log rotation

Logfiles can grow to be massive. The Fedora logrotate package automatically moves historical log data into history files and keeps a limited number of history files on hand.

logrotate is configured through the master configuration file /etc/logrotate.conf :

# see 'man logrotate' for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) logfiles after rotating old ones
create
# uncomment this if you want your logfiles compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
 monthly
 create 0664 root utmp
 rotate 1
}
# system-specific logs may be also be configured here.

The most frequently altered lines are highlighted in bold: logrotate is initially configured to rotate logs every week and to save the last four historical logfiles in addition to the current log. If you have a lot of storage and wish to keep more history, edit the rotate line to increase the number of history files maintained, or change the weekly line to monthly to reduce the frequency of history snapshots (which can make it easier to analyze patterns over a longer period of time without merging data from several files).

The default configuration results in five separate message files being present on the system:

$ ls -l /var/log/messages*
-rw------- 1 root root 86592 Jun 1 02:49 /var/log/messages
-rw------- 1 root root 85053 May 30 02:03 /var/log/messages.1
-rw------- 1 root root 105491 May 26 23:51 /var/log/messages.2
-rw------- 1 root root 74062 May 7 04:12 /var/log/messages.3
-rw------- 1 root root 286194 May 2 13:00 /var/log/messages.4

logrotate also uses per-logfile configuration files in /etc/logrotate.d. These files are installed by various RPM packages that generate logfiles.

8.7.2. How Does It Work?

The main system logging utility is named syslog . It is network-based and uses a server daemon, syslogd , which receives messages from all sorts of system programs through the Unix domain socket /var/log . These messages are matched against the lines in /etc/syslog.conf and written to the selected destinations.

Kernel messages are stored in a buffer that is read by a helper daemon named klogd , either by reading the file /proc/kmesg or by using a kernel system call. klogd then forwards these messages to syslogd for inclusion in the system logs.

A syslog network server listens to UDP port 514 and processes any messages received there through the normal routing decisions.

One significant problem with the syslog implementation is that there is absolutely no authentication performed. Any application can log any message with any facility and priority. Therefore it is relatively easy to spoof log messages or to create a denial-of-service attack by sending huge numbers of logfile entries, eventually filling all available disk space and making it impossible to log further events. (For this reason, it is a good idea to use a separate filesystem for /var/log ).