From: Ryan Thompson
To: Mark Hughes
Cc: brain_damaged, freebsd-questions@FreeBSD.ORG
Date: Sun, 4 Nov 2001 00:12:07 -0600 (CST)
Subject: Re: httpd log files big

Mark Hughes wrote to brain_damaged:

> On Sun, 4 Nov 2001, brain_damaged wrote:
>
> > Hello
> > I noticed that my / was full.
> > I could not understand why and noticed that under
> > /var/log that my httpd-access and httpd-error logs are over 8 megs big.
> > I am running apache 3.1.9
> > I am not sure where to set up a log rotation for it so that they don't get that big.
> > how do I do that or can I ?
>
> Sounds like nimda's doing. I came to my log files the other day on my
> machine attached to my DSL line, and they'd shot up to 25MB - which is
> ridiculous given that the web server itself has probably done less
> than 100 hits since June.
>
> It is possible to set up a log rotation script - I'm not sure of the
> "correct" way of doing it, but what I'd do would be to run a nightly
> or weekly cron job which called a script that:
>
> 1) copied and gzip'd the old log files to an archive location
> 2) touch'd new logfiles
> 3) restarted apache to get it using the new log files.

This will work, but Apache includes a nifty program called logrotate
that accepts input from a piped Apache logfile. Doesn't require cron,
doesn't require a script, and (this is the best part) doesn't require
you to restart Apache, which can take a long time if you have several
thousand vhosts and/or tons of SSL keys.. :-)

- Ryan

> Shouldn't be too challenging to write a script to do that.
>
> > And does anyone have a perl script or program to read the httpd logs and pull out failed access or something to auto notify of virus attacks or such ?
>
> I think there are a couple of apache perl modules called Apache::CodeRed
> and Apache::Nimda - available from http://acadia.ne.mediaone.net/Nimda/

Wasn't aware of those :-)

> Hope this helps.
> Mark
>
> --
> Mark Hughes - DVD & Film Content Manager, Technical Officer
> Digital Spy Ltd
> http://www.digitalspy.co.uk/
> Your number one source for digital media and entertainment news!
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
Ryan Thompson
Network Administrator, Accounts
SaskNow Technologies - http://www.sasknow.com
#106-380 3120 8th St E - Saskatoon, SK - S7H 0W2
Tel: 306-664-3600 Fax: 306-664-1161 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
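
An added example, not part of the original thread and not the Apache::CodeRed or Apache::Nimda modules it mentions: a scanner for the kind of log check asked about above, counting Code Red and Nimda probe requests per source host in a Common Log Format access log. The signature list, function names and sample log lines are assumptions constructed for illustration.

```python
import re
import sys
from collections import Counter, defaultdict
# Request-path markers of the 2001 IIS worms (illustrative, not exhaustive).
SIGNATURES = {
    "CodeRed": re.compile(r"^/default\.ida\?", re.I),
    "Nimda": re.compile(r"(?:cmd|root)\.exe(?:\?|$)", re.I),
}
# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" \d{3} \S+')
# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [03/Nov/2001:21:14:02 -0600] "GET /default.ida?NNNNNNNN%u9090%u6858 HTTP/1.0" 404 276',
    '198.51.100.7 - - [03/Nov/2001:21:15:40 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 271',
    '198.51.100.7 - - [03/Nov/2001:21:15:41 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 285',
    '203.0.113.5 - - [03/Nov/2001:21:16:00 -0600] "GET /index.html HTTP/1.0" 200 1043',
    'truncated line with no request field',
]

def classify(path):
    """Return the name of the worm whose signature matches path, else None."""
    return next((n for n, p in SIGNATURES.items() if p.search(path)), None)

def scan(lines):
    """Count worm probes per source host; unparsable lines are tallied, not fatal."""
    hits, unparsed = defaultdict(Counter), 0
    for line in lines:
        m = CLF.match(line)
        if m is None:
            unparsed += 1
            continue
        worm = classify(m.group(2))
        if worm:
            hits[m.group(1)][worm] += 1
    return hits, unparsed

def summary(hits):
    """One notification line per host, busiest sources first."""
    ranked = sorted(hits.items(), key=lambda kv: (-sum(kv[1].values()), kv[0]))
    return ["%s %s" % (host, ", ".join("%s=%d" % p for p in sorted(c.items())))
            for host, c in ranked]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to an access log, e.g. the httpd-access log
        with open(sys.argv[1], errors="replace") as fh:
            hits, unparsed = scan(fh)
    else:
        hits, unparsed = scan(SAMPLE)
    print("\n".join(summary(hits) + ["unparsed lines: %d" % unparsed]))
```

Run with a log path as the only argument, or with none to scan the constructed sample; the output is suitable for mailing from a nightly job.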