/var/log upkeep and importance

/var/log upkeep and importance

Post by Dirk Geschk » Sat, 30 Aug 1997 04:00:00




> Is there any online documentation that explains about the log files here
> and how to treat these log files?  Specifically wtmp?  I'm wondering if
> it's safe to delete it any/all of these from time to time.  "man wtmp"
> said certain processes use wtmp but intimated that I could delete it and
> there'd only be no more logging.  The file's getting big and it's not in
> text form.  That's the largest file by far, but other ones are getting
> bloated.  I looked at the SAG but didn't find anything specific.  It said
> most of these files grow indefinitely, and may require cleaning, not which
> ones can or can't be safely removed.

The wtmp file records the login's and logout's of your system. You can remove
it if you aren't interested in this information. After this you can create this
file and the logging of this informations go on.

The other log files work analogue. The main file is usually /var/log/messages.
Here it is a little more complicated to cut the file. One method to reduce this
is like this:

cp /var/log/messages /var/log/messages.old
cp /dev/null /var/log/messages

This reduces the length of messages to zero. The logging still goes on. The old file
messages.old can be removed (after inspection) or you can gzip it to reduce the
size. You can do this with all files used by syslogd. To see which files the daemon
uses look at

/etc/syslog.conf

Dirk.

 
 
 

/var/log upkeep and importance

Post by frank.boe.. » Sat, 30 Aug 1997 04:00:00




> > Is there any online documentation that explains about the log files here
> > and how to treat these log files?  Specifically wtmp?  I'm wondering if
> > it's safe to delete it any/all of these from time to time.
> Feel free to nuke wtmp.

Right.
As for the other log files, if they are growing too fast
you may consider modifying /etc/syslog.conf (man 8 syslog.conf).
Once dealing with that stuff, you may also consider redirecting
important messages to /dev/console, for instance. This simplifies
tracing down problems while testing new software (allmost all
daemons use the syslog mechanism) and is more handy than
the common advice
tail -f /var/log/<whatever>.
However, be aware of security holes such as displayed passwords etc...

Frank

--

------------------------------------------------------------------
How can you be in two places at once when you're not anywhere at all

 
 
 

1. How large can /var/log/messages and /var/log/syslog get ?

My /var/log/messages is now over 3 meg, and my syslog is 200+ k. I'm
very curious how far is this going to go ?
Is there a way to restrict their sizes ?

cheers,
Hong Siang.
--
======================================================================
The sticker on the box said, "Windows 95, Windows NT 4.0, or better."
So I installed Linux.
======================================================================
Teo Hong Siang                                   Tel (H): (65)746 2598
Manager, DTG Development Office                      (O): (65)772 7114

2. New KERNEL lost my CD-ROM!!!!!

3. How to close /var/log/syslog and /var/log/messages..

4. Netscape not running

5. creating different syslog file /var/log/syslog.0 /var/log/syslog.1...

6. httpd binaries for Linux?

7. Check your ppp.log or ppp.tun0.log in /var/log

8. MacDraw-->PostScript saves, and devps question...

9. ipppd logs in /var/log/ipppd-auth.log ??

10. How can I get ipppd to log in /var/log/ipppd-auth.log ????

11. Why does: "tail -f /var/log/messages | grep eth0 >> /var/log/eth0.log" create an empty log ?

12. Help with log files on /var/log/*

13. ATAPI cd-rom creates many, many logs in /var/log/messages