From owner-freebsd-questions  Sat Nov  3 22: 5:38 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131])
	by hub.freebsd.org (Postfix) with ESMTP id 0CAB737B417
	for <freebsd-questions@FreeBSD.ORG>; Sat,  3 Nov 2001 22:05:35 -0800 (PST)
Received: from localhost (ryan@localhost)
	by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id AAA77876;
	Sun, 4 Nov 2001 00:05:20 -0600 (CST)
	(envelope-from ryan@sasknow.com)
Date: Sun, 4 Nov 2001 00:05:20 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: brain_damaged <brain_damaged@florida-wireless.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: httpd log files big 
In-Reply-To: <200111040049.AA3553034428@florida-wireless.com>
Message-ID: <Pine.BSF.4.21.0111032357121.66878-100000@ren.sasknow.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

brain_damaged wrote to freebsd-questions@FreeBSD.ORG:

> Hello
> I noticed that my / was full.
> I could not understand why and noticed that under
> /var/log that my httpd-access and httpd-error logs are over 8 megs big.

We go through that in an afternoon on some sites we host. ;-)


> I am running apache 3.1.9

Unlikely.. Maybe you mean 1.3.9? :-)


> I am not sure were to setup a log rotation for it so that they don't
> get that big. how do I do that or can I ?

Yes, apache includes a program called "logrotate" that does this very
nicely, so you don't have to kill the server. It's pretty simple to
implement... man 8 logrotate.

> And does anyone have a perl script or program to read the httpd logs
> and pull out failed access or something to auto notify of virus
> attacks or such ?

Sure... It's pretty trivial to write a shell script with grep/awk etc to
pull out the bits you want. You can fine tune a Perl script a bit more.
Maybe if you post some specific requirements one of us can help you write
something.

General (untested) approach using grep:

#!/bin/sh
grep -v cmd.exe $1
| grep -v root.exe
| grep -v something_else_you_want_to_filter



> Thanks
> Bd
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 

-- 
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message