Re: [Rkhunter-users] Suggestion for rkhunter 1.3.0

Sat, 23 Feb 2008 17:41:42 -0800 

Hi John,

> On Sat, 2008-02-23 at 09:56 +1000, Michael Mansour wrote:
> >
> > If I left the "APPEND_LOG=0" setting, what happens to the log? does it just
> > keep being overwritten?
> > 
> Yes and no. The log is moved to /var/log/rkhunter.log.old, then a new
> log is created. That way you always have the current log file and the

Ok that makes sense, but you lose runs prior to the last run, I'd rather keep
them all for a number of days/weeks for auditing and tracking purposes and use
logrotate to manage them.

he rkhunter manpage says:

       --appendlog
              By default a new log file will be created when rkhunter runs.
This  option tells  rkhunter  to  append to the existing log file. If the log
file does not exist, then it will be created.

Maybe it's worth explaining this a bit more with your explanation above?

I posted my rkhunter.log file in another email, you're welcome to add it into
your spec file to auto-install in /etc/logrotate.d (the logrotate dropfile
directory). That type of thing is pretty much standard with any RPM-based
distributions, especially Red Hat based ones.

> previous one. Rather than try and sort out some sort of log rotation -
> e.g. "keep 10 logs and then delete the oldest" - it was easier to 
> just allow users to append to the log file, and sort out their own 
> log rotation.

Yeah I understand, but I don't look at it by "keeping runs". I look at it as
each day or week rotating the log file. The same as messages, maillog, apache
logs, etc. That way you have a history of every run for the past x days or 
weeks.

Regards,

Michael.

> John.
> 
> -- 
> ---------------------------------------------------------------
> John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
> E-mail: [EMAIL PROTECTED]       Fax: +44 (0)1752 233839
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Rkhunter-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
------- End of Original Message -------


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Reply via email to