Date:      Sun, 4 Nov 2001 23:03:13 -0500
From:      Louis LeBlanc <leblanc+freebsd@keyslapper.org>
To:        freebsd-questions@FreeBSD.org, freebsd-questions@FreeBSD.org
Subject:   Re: httpd log files big
Message-ID:  <20011104230313.C35500@keyslapper.org>
In-Reply-To: <Pine.LNX.4.33.0111040547290.948-100000@www.digitalspy.co.uk>
References:  <200111040049.AA3553034428@florida-wireless.com> <Pine.LNX.4.33.0111040547290.948-100000@www.digitalspy.co.uk>

On 11/04/01 05:53 AM, Mark Hughes sat at the `puter and typed:
> On Sun, 4 Nov 2001, brain_damaged wrote:
>
> > Hello
> > I noticed that my / was full.
> > I could not understand why and noticed that under
> > /var/log that my httpd-access and httpd-error logs are over 8 megs big.
> > I am running apache 3.1.9
> > I am not sure where to set up a log rotation for it so that they don't
> > get that big.
> > How do I do that, or can I?
>
> Sounds like nimda's doing. I came to my log files the other day on my
> machine attached to my DSL line, and they'd shot up to 25MB - which is
> ridiculous given that the web server itself has probably done less than
> 100 hits since June.
>
> It is possible to set up a log rotation script - I'm not sure of the
> "correct" way of doing it, but what I'd do would be to run a nightly or
> weekly cron job which called a script that:
>
> 1) copied and gzip'd the old log files to an archive location
> 2) touch'd new logfiles
> 3) restarted apache to get it using the new log files.
>
> Shouldn't be too challenging to write a script to do that.

Ryan Thompson mentions logrotate in his response. IIRC, logrotate is
one of the Linux tools used to rotate logs. But he's close, it's
actually rotatelogs(8). The manpage doesn't go into a whole lot of
detail as to how to use it, and the horse book doesn't even mention
it.

OTOH, you could just use newsyslog, but you can't do a blanket roll
with just one signal. This is what I did in /etc/newsyslog.conf:

/var/log/https_engine_log     644  5  *     $W6D0 Z
/var/log/https_request_log    644  5  *     $W6D0 Z
/var/log/httpd-access_log     644  5  *     $W6D0 Z
/var/log/httpd-error_log      644  5  *     $W6D0 Z /var/run/httpd.pid

Of course you need to set the paths and filenames to your system, but
this will hopefully roll the logs and send the SIGHUP to Apache when
the last one is rolled (Saturday night at Midnight). IIRC, newsyslog
is run on cron by default, so you don't even have to reboot. Not as
nice as rotatelogs, but easier to set up until you can figure out the
rotatelogs details.

> > And does anyone have a perl script or program to read the httpd
> > logs and pull out failed access or something to auto notify of
> > virus attacks or such ?
>
> I think there are a couple of apache perl modules called Apache::CodeRed
> and Apache::Nimda - available from http://acadia.ne.mediaone.net/Nimda/

These modules will be moving permanently to
http://www.keyslapper.org/Nimda/, but I will be redirecting acadia
shortly. I'd suggest going with the Nimda module at least (I suspect
Nimda has done more to cause the extinction of CodeRed than all the
other control methods together).

These modules, and some of the config suggestions on that page will
also help eliminate those messages from your logs if you like.

Cheers
Lou
-- 
Louis LeBlanc               leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org                     Ô¿Ô¬

Murphy's Law of Research:
  Enough research will tend to support your theory.
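
The three-step cron job outlined in the quoted reply above (archive and gzip, touch new files, restart Apache), as an added shell example that is not part of the original message or of any project's code. It is a variant: it renames each log in place instead of copying it, and compresses only after the reload, so nothing written in between is lost. The function name, SETTLE_SECS and the reload command passed in are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical names): rename-based rotation of Apache logs.
# Usage: rotate_httpd_logs LOG_DIR ARCHIVE_DIR RELOAD_CMD LOG_NAME...
#   RELOAD_CMD is whatever makes httpd reopen its logs on your system,
#   e.g. "apachectl graceful" (an assumption; adjust to your install).
rotate_httpd_logs() {
    log_dir=$1 archive_dir=$2 reload_cmd=$3
    shift 3
    stamp=$(date +%Y%m%d-%H%M%S)
    rotated=0
    umask 022
    mkdir -p "$archive_dir" || return 1

    for name in "$@"; do
        src="$log_dir/$name"
        [ -s "$src" ] || continue          # skip missing or empty logs
        # Step 1: rename inside the same directory. httpd keeps its open
        # descriptor on the renamed file, so no log lines are dropped, and
        # the rename stays atomic even if ARCHIVE_DIR is another filesystem.
        mv "$src" "$src.$stamp" || return 1
        # Step 2: fresh, empty log with the 644 mode used in the post.
        : > "$src" && chmod 644 "$src" || return 1
        rotated=$((rotated + 1))
    done
    [ "$rotated" -gt 0 ] || return 0       # nothing rotated: leave httpd alone

    # Step 3: a single reload covers every log rotated above.
    $reload_cmd || return 1
    # After a graceful restart old children may still be writing for a
    # moment; SETTLE_SECS (default 0) gives them time to finish.
    sleep "${SETTLE_SECS:-0}"

    # Compress into the archive only now that httpd has let go of the files.
    for name in "$@"; do
        old="$log_dir/$name.$stamp"
        [ -f "$old" ] || continue
        gzip -c "$old" > "$archive_dir/$name.$stamp.gz" && rm -f "$old" \
            || return 1
    done
}
```

Putting ARCHIVE_DIR on a filesystem other than / keeps a burst of worm traffic in the logs from filling the root partition again.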
