I was reading up on Linux log file rotation today and thought I would share a little of what I found with my Ubuntu friends. As we all know, the log files are the first place to look when something doesn't work. You are probably also familiar with their default location under /var/log. You should also recognize that a periodic review of your logs is one of the best ways to catch hacking attempts and security breaches.
This link provides a good, short introduction, aimed at users coming from Windows, to how log file rotation is configured and run.
This link gives a more detailed look at logging in general and at the log files of various applications. A good one to bookmark in Firefox.
I look at my system logs once a day with a morning email from logwatch. Logwatch runs as a cron job every morning at 6:25 and sends me a daily summary of activity from the previous day's log files. I receive one email from each machine in my administration mailbox and spend a minute looking at each report for anomalous service usage. I typically see network probing summarized from the UFW firewall packet logs, DNS queries, failed and successful SSH connections, Postfix and Dovecot traffic, and Apache web server traffic. I would encourage you all to install logwatch and take a periodic look at the summary.
sudo apt-get install logwatch
The address the logwatch report is mailed to is set with the MailTo option. The packaged defaults live in /usr/share/logwatch/default.conf/logwatch.conf (there is no conf/ subdirectory under /usr/share/logwatch); that file is replaced when the package is upgraded, so put your own settings in /etc/logwatch/conf/logwatch.conf, which overrides the packaged defaults:
sudo nano /etc/logwatch/conf/logwatch.conf
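As an added example, not code from the original post, here is a small shell script that writes the local override file and then runs logwatch once to the terminal so you can check the report without waiting for the 6:25 cron run. The recipient address, the Med detail level and the script name are assumptions; the option names, the override path and the logwatch command-line flags are the standard ones.

```shell
#!/bin/sh
# Added example (not from the original post): create a local logwatch
# override and test-run the report. Assumed: the recipient address passed
# as $1 and the Med detail level; the paths and option names are standard.

# Local override file; the packaged defaults stay untouched in
# /usr/share/logwatch/default.conf/logwatch.conf and are replaced on upgrade.
OVERRIDE=/etc/logwatch/conf/logwatch.conf

# Emit the override settings for the given mailbox. Only the keys listed
# here change; everything else still comes from the packaged defaults.
logwatch_override() {
    mailto="$1"
    cat <<EOF
# Local logwatch settings; overrides /usr/share/logwatch/default.conf/logwatch.conf
MailTo = $mailto
Detail = Med
Range = yesterday
Output = mail
Format = text
Service = All
EOF
}

# Write the override with root-owned, world-readable permissions.
install_override() {
    logwatch_override "$1" > "$OVERRIDE"
    chmod 0644 "$OVERRIDE"
}

# One-off run to stdout with the same range and detail as the daily mail,
# so the report can be inspected before relying on the cron job.
logwatch_check() {
    logwatch --output stdout --range yesterday --detail Med "$@"
}

# Usage: sudo sh logwatch-setup.sh admin@example.com   (assumed script name)
if [ -n "${1:-}" ]; then
    install_override "$1"
    logwatch_check
fi
```

Run it once as root with your mailbox address; after that the daily cron job picks up the same override file, and `sudo logwatch --output stdout --range yesterday` remains a quick way to regenerate any day's summary by hand.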
If you need help getting the logwatch summary to your mailbox please ask and I’ll gladly assist.