Centos – Rotating Iptables logs with logrotate

centosiptableslogginglogrotate

I'm running CentOS6 and I configured rsyslog to monitor my iptables warning messages and dump them in /var/log/iptables.log. I went through my logrotate.d/syslog file and added iptables.log so logrotate would pick up and rotate the logs. The file looks like this:

/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/iptables.log
{
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

However, when I run logrotate -f -v logrotate.conf to trigger a force roll, the iptables.log file doesn't roll. To make logrotate not barf on the iptables file, I created a iptables.log-20121014 file.

My output when I run the command looks like this:

rotating log /var/log/iptables.log, log->rotateCount is 4
dateext suffix '-20121021'

I'm flummoxed. How do I get logrotate to roll the file? I'm not 100% sure if I configured it correctly, but I don't know enough to be certain if that's the case.

Best Answer

I believe a more effective solution would be to actually create a specific logrotate instance for iptables instead of adding it directly to your syslog logrotate instance.

Do this by:

$ touch /etc/logrotate.d/iptables

Now, configure the logrotation as you'd like, an example would be the following (You may find all options HERE (logrotate.conf):

$ vi iptables
/var/log/iptables.log {
missingok
notifempty
size 30k
create 0600 root root
postrotate
    /etc/rc.d/init.d/rsyslog restart ; sleep 5
endscript
}

This should provide the functionality you're searching for.

Related Solutions

Centos – Logrotate Mysql – No rotate happens

Threre is no rotation, because you are using -d option. From manual:

-d Turns on debug mode and implies -v. In debug mode, no changes will be made to the logs or to the logrotate state file.

I have two suggestions:

Upgrade OS to x86_64 if possible, because you have 2,5GB memory limit per process
Don't use -pPassword parameter with mysql for security reasons, it's better to use --defaults-extra-file=path_to_extra, which is readable only by root. When somebody, who has access to server execute ps -ef | grep mysql, it will see root password for database.

Here is my logrotate /etc/logrotate.d/mysql script for mysql on CentOS 5 (mysql Ver 14.12 Distrib 5.0.77, for redhat-linux-gnu (x86_64) using readline 5.1):

# If the root user has a password you have to create a
# /.my.cnf configuration file with the following
# content:
#
# [mysqladmin]
# password = <secret>
# user = <username>
#
# where "<secret>" is the password and <username> is user.
#
# ATTENTION: This /.my.cnf should be readable ONLY
# for root !
/var/log/mysqld.log {
        create 640 mysql mysql
        notifempty
        missingok
        postrotate
                # just if mysqld is really running
                if test -x /usr/bin/mysqladmin && \
                   /usr/bin/mysqladmin --defaults-extra-file=/root/mysql/logrotate.cnf ping &>/dev/null
                then
                   /usr/bin/mysqladmin --defaults-extra-file=/root/mysql/logrotate.cnf flush-logs
                fi
                /usr/bin/chcon -u system_u -r object_r -t mysqld_log_t /var/log/mysqld.log
        endscript
}

Centos – named stopped logging to rsyslog after logs rotate

I suppose you're using chrooted bind. You have to add this line to the rsyslog.conf:

$AddUnixListenSocket /var/named/chroot/dev/log

Make sure you use right path to the chrooted dev on your system.

Luf

Best Answer

Related Solutions

Centos – Logrotate Mysql – No rotate happens

Centos – named stopped logging to rsyslog after logs rotate

Related Topic