Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: logrotate.conf
Top Forums UNIX for Advanced & Expert Users logrotate.conf Post 302100053 by silicate on Friday 15th of December 2006 03:25:49 PM
Old 12-15-2006
when the logs rotate is defined in the logrotate.conf, you can see more details with "man logrotate"

logrotate is not a deamon, therefore it does not need restarting.

from the man page:
Normally, logrotate is run as a daily cron job. It will not modify a log more than once in one day unless the criterion
for that log is based on the log's size and logrotate is being run more than once each day, or unless the -f or --force
option is used.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

how to set size in logrotate.conf

Hi,guys: recently,i am puzzled by a question .when i create a new file named by /etc/logrotate.d/debug. The cont. is listed as follow: /var/log/debug { rotate 3 missingok notifempty size=2k prerotate /bin/kill -HUP `cat... (0 Replies)
Discussion started by: icehero
0 Replies

2. UNIX for Advanced & Expert Users

Configuring snmpd.conf and snmptrapd.conf

HI, I want a help for Configuring snmpd.conf and snmptrapd.conf (i.e Configuring SNMP) for receiving TRAPS in my networks. I am using RHEL4.0 OS. Please tell me How I can configure above two files in a proper way and at an advanced level. Especially I am getting... (2 Replies)
Discussion started by: jagdish.machhi@
2 Replies

3. Solaris

basic question on sd.conf and lpc.conf file

Hello Guys, Do we need to configure this file only if we add SAN disk or even if we add local disk, do we need to modify? (4 Replies)
Discussion started by: mokkan
4 Replies

4. UNIX for Advanced & Expert Users

logrotate with /etc/logrotate.conf file

Hi there, I want to rotate the logfiles which are located in /var/log/jboss/tomcat* so I have created a file named as 'tomat' in /etc/logrotate.d/tomcat with the following content. # cat /etc/logrotate.d/tomcat /var/log/jboss/tomcat_access_log*.log { daily nocreate ... (2 Replies)
Discussion started by: skmdu
2 Replies

5. Red Hat

Some questions about Logrotate.conf

Hi all, I have to configure the logrotate.conf file on some Linux RedHat servers. So, by default I seen the file is as follow: # see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating... (5 Replies)
Discussion started by: idro
5 Replies

6. Shell Programming and Scripting

Logrotate - I am not able to rotate files using logrotate

I have written script which is working in Home directory perfectly and also compressing log files and rotating correctly. But, when i try to run script for /var/log/ i am able to get compressed log files but not able to get rotation of compressed log files. Please suggest. I am using below command... (5 Replies)
Discussion started by: VSom007
5 Replies

7. AIX

Logrotate - /etc/logrotate.conf does't exist

Hi Admins. I have installed logrotate rpm on Aix 6.1. After the installation of rpm, I don't find /etc/logrotate.conf file and /etc/logrotate.d dir . The config file is located in /opt/freeware/etc/logrotate.conf. When I ran logrotate -v /opt/freeware/etc/logrotate.conf I get below... (2 Replies)
Discussion started by: snchaudhari2
2 Replies

8. AIX

Logrotate.conf

Hey Admins, I have installed logrotate on AIX server. I want to configure it for 1. /var/log/messages – keep 90 days, i.e., weekly rotate 13 2. Syslog – keep 90 days i.e., weekly rotate 13 3. Wtmp – keep 90 days i.e., weekly rotate 13 4. Sulog – keep 90 days i.e., weekly rotate 13 What... (1 Reply)
Discussion started by: snchaudhari2
1 Replies

9. Shell Programming and Scripting

Script to update rsyslog.conf and auditd.conf

Hello all, Newbie here. I'm currently tasked with updating rsyslog.conf and auditd.conf on a large set of servers. I know the exact logging configurations that I want to enable. I have updated both files on on a server and hope to use the updated files as a template for the rest of the... (3 Replies)
Discussion started by: Mide
3 Replies

10. Solaris

Configure resolv.conf and nsswitch.conf

Hi, I've installed Solaris 11.3(live media) and configured DNS. Everytime I reboot the server, resolv.conf got deleted and it created a new nsswitch.conf. I used below to configure both settings: # svccfg -s dns/client svc:/network/dns/client> setprop config/nameserver = (xx.xx.xx.aa... (1 Reply)
Discussion started by: flexihopper18
1 Replies

LEARN ABOUT CENTOS

logrotate_selinux

logrotate_selinux(8)					     SELinux Policy logrotate					      logrotate_selinux(8)

NAME

       logrotate_selinux - Security Enhanced Linux Policy for the logrotate processes

DESCRIPTION

       Security-Enhanced Linux secures the logrotate processes via flexible mandatory access control.

       The  logrotate  processes  execute with the logrotate_t SELinux type. You can check if you have these processes running by executing the ps
       command with the -Z qualifier.

       For example:

       ps -eZ | grep logrotate_t

ENTRYPOINTS

       The logrotate_t SELinux type can be entered via the logrotate_exec_t file type.

       The default entrypoint paths for the logrotate_t domain are the following:

       /etc/cron.(daily|weekly)/sysklogd, /usr/sbin/logrotate

PROCESS TYPES

       SELinux defines process types (domains) for each process running on the system

       You can see the context of a process using the -Z option to ps

       Policy governs the access confined processes have to files.  SELinux logrotate policy is very flexible allowing users to setup their logro-
       tate processes in as secure a method as possible.

       The following process types are defined for logrotate:

       logrotate_t, logrotate_mail_t

       Note:  semanage permissive -a logrotate_t can be used to make the process type logrotate_t permissive. SELinux does not deny access to per-
       missive process types, but the AVC (SELinux denials) messages are still generated.

BOOLEANS

       SELinux policy is customizable based on least access required.  logrotate policy is extremely flexible and has several booleans that  allow
       you to manipulate the policy and run logrotate with the tightest access possible.

       If you want to allow logrotate to manage nfs files, you must turn on the logrotate_use_nfs boolean. Disabled by default.

       setsebool -P logrotate_use_nfs 1

       If  you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server, you must turn on the authlo-
       gin_nsswitch_use_ldap boolean. Disabled by default.

       setsebool -P authlogin_nsswitch_use_ldap 1

       If you want to deny any process from ptracing or debugging any other processes, you must  turn  on  the	deny_ptrace  boolean.  Enabled	by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If  you	want  to  allow  all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

       If you want to allow confined applications to run with kerberos, you must turn on the kerberos_enabled boolean. Enabled by default.

       setsebool -P kerberos_enabled 1

       If you want to allow system to run with NIS, you must turn on the nis_enabled boolean. Disabled by default.

       setsebool -P nis_enabled 1

       If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean. Disabled by default.

       setsebool -P nscd_use_shm 1

       If you want to support NFS home directories, you must turn on the use_nfs_home_dirs boolean. Disabled by default.

       setsebool -P use_nfs_home_dirs 1

       If you want to support SAMBA home directories, you must turn on the use_samba_home_dirs boolean. Disabled by default.

       setsebool -P use_samba_home_dirs 1

NSSWITCH DOMAIN

       If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server for  the  logrotate_t,  logro-
       tate_mail_t, you must turn on the authlogin_nsswitch_use_ldap boolean.

       setsebool -P authlogin_nsswitch_use_ldap 1

       If  you	want  to  allow  confined  applications  to  run  with	kerberos  for the logrotate_t, logrotate_mail_t, you must turn on the ker-
       beros_enabled boolean.

       setsebool -P kerberos_enabled 1

MANAGED FILES

       The SELinux process type logrotate_t can manage files labeled with the following file types.  The paths listed are the  default	paths  for
       these file types.  Note the processes UID still need to have DAC permissions.

       abrt_var_cache_t

	    /var/tmp/abrt(/.*)?
	    /var/cache/abrt(/.*)?
	    /var/spool/abrt(/.*)?
	    /var/spool/debug(/.*)?
	    /var/cache/abrt-di(/.*)?
	    /var/spool/rhsm/debug(/.*)?

       logfile

	    all log files

       logrotate_lock_t

       logrotate_tmp_t

       logrotate_var_lib_t

	    /var/lib/logrotate.status

       named_cache_t

	    /var/named/data(/.*)?
	    /var/lib/unbound(/.*)?
	    /var/named/slaves(/.*)?
	    /var/named/dynamic(/.*)?
	    /var/named/chroot/var/tmp(/.*)?
	    /var/named/chroot/var/named/data(/.*)?
	    /var/named/chroot/var/named/slaves(/.*)?
	    /var/named/chroot/var/named/dynamic(/.*)?

       openshift_var_lib_t

	    /var/lib/openshift(/.*)?
	    /var/lib/stickshift(/.*)?
	    /var/lib/containers(/.*)?

       systemd_passwd_var_run_t

	    /var/run/systemd/ask-password(/.*)?
	    /var/run/systemd/ask-password-block(/.*)?

       var_spool_t

	    /var/spool(/.*)?

FILE CONTEXTS

       SELinux requires files to have an extended attribute to define the file type.

       You can see the context of a file using the -Z option to ls

       Policy  governs the access confined processes have to these files.  SELinux logrotate policy is very flexible allowing users to setup their
       logrotate processes in as secure a method as possible.

       STANDARD FILE CONTEXT

       SELinux defines the file context types for the logrotate, if you wanted to store files with these types in a diffent  paths,  you  need	to
       execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.

       semanage fcontext -a -t logrotate_exec_t '/srv/logrotate/content(/.*)?'
       restorecon -R -v /srv/mylogrotate_content

       Note: SELinux often uses regular expressions to specify labels that match multiple files.

       The following file types are defined for logrotate:

       logrotate_exec_t

       - Set files with the logrotate_exec_t type, if you want to transition an executable to the logrotate_t domain.

       Paths:
	    /etc/cron.(daily|weekly)/sysklogd, /usr/sbin/logrotate

       logrotate_lock_t

       - Set files with the logrotate_lock_t type, if you want to treat the files as logrotate lock data, stored under the /var/lock directory

       logrotate_mail_tmp_t

       - Set files with the logrotate_mail_tmp_t type, if you want to store logrotate mail temporary files in the /tmp directories.

       logrotate_tmp_t

       - Set files with the logrotate_tmp_t type, if you want to store logrotate temporary files in the /tmp directories.

       logrotate_var_lib_t

       - Set files with the logrotate_var_lib_t type, if you want to store the logrotate files under the /var/lib directory.

       Note:  File context can be temporarily modified with the chcon command.	If you want to permanently change the file context you need to use
       the semanage fcontext command.  This will modify the SELinux labeling database.	You will need to use restorecon to apply the labels.

COMMANDS

       semanage fcontext can also be used to manipulate default file context mappings.

       semanage permissive can also be used to manipulate whether or not a process type is permissive.

       semanage module can also be used to enable/disable/install/remove policy modules.

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage .

SEE ALSO

       selinux(8),  logrotate(8),  semanage(8),  restorecon(8),  chcon(1),   sepolicy(8)   ,   setsebool(8),   logrotate_mail_selinux(8),   logro-
       tate_mail_selinux(8)

logrotate							     14-06-10						      logrotate_selinux(8)
All times are GMT -4. The time now is 06:21 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy