
How much do you log?

Biggles Member
edited August 2011 in General

I've been mucking about with logrotate having read one of the Slicehost guides on it. It's a good guide inasmuch that it shows you how to set logs to rotate, how to cap the size etc. But it doesn't really tell me what is worth keeping.

So my question to you guys is simply how much do you log? Do you keep a month's worth of traffic, 10,000 visits or just everything? And further to how much do you log, what do you actually use them for?

Cheers

Comments

  • If it's for personal use the vps, I keep them for 3 weeks in case I don't have time to check them in one or two weeks.

    If it's for work related or something serious at least 4 months.

    A couple of friends keep them for a whole year.

  • It's a good guide

    @Biggles, would have been a plus if you linked to it. :)

    If it involves money, I've been told that we need to keep the logs for at least 7 years as it's a transition (ie credit card) record. All the links I can find for that are spammy though so not 100% sure on that.

  • I never clear them.

  • On my larger sites, I don't log assets (static) because they're handed over to cached CDN

    I tend to not enable raw access.log logging unless I get trouble reports - IP logs, etc are handled by the CMS.

  • Yeah I guess it depends on what kind of logs. I usually keep 2 weeks of access log, but just like @justinb has said, on a busy site it could be multiple GB per day, gzipped! In those cases I don't keep the raw access log around for that long, as I have my own watchdog logging which I also push up to Amazon S3 every day (which is only around 2-3MB/day sqlite DB files).

    For auth logs and mail logs I do keep them around for a bit longer.

  • I believe this is the article in question just to throw out the link:

    http://articles.slicehost.com/2010/6/30/understanding-logrotate-overview

    Individual OS'es are further down the page.

  • Another school of thought is not to really log anything at all if you are not using the box for anything (my LEB is just a proxy to access UK tv right now). Send the logs to /dev/null but you can still $ tail in to see the live logging if you need to see what is going on.

  • @dotben I'm real iffy with doing that, especially with some of the software we install for our clients. Seen some mighty big security holes over the years and, without having logs, it makes it harder to track down how hackers are doing it.

    I can see your point though.

  • drmike said: @dotben I'm real iffy with doing that, especially with some of the software we install for our clients. Seen some mighty big security holes over the years and, without having logs, it makes it harder to track down how hackers are doing it.

    SSH to tunnel on non default port, with root login disabled, using ssh keys only, firewalled to your home IP should probably be fine without logging

  • It all depends on how frequently you monitor your box. If you monitor it every day, then you probably only need 2 or 3 days of logs. If you monitor it once a week, then you need 1 week+ of logs. As drmike indicated, if something unexpected happens and you don't have logs, it is hard to track down what is happening.

    Personally, I monitor my systems only a few times a week so I keep 2 weeks of logs.

  • @justinb I said softwares, not logins. Thanks though

  • drmike said: @justinb I said softwares, not logins. Thanks though

    ah, just reread your post

    i meant if you were running basically nothing and it's locked down it's probably not a problem

  • Not a problem :)

  • Just wanted to say thanks for the responses, gave me something to think about and come up with a strategy of my own. And yeah, my bad for not linking to the articles, drmike's link was the one I read.

  • I rotate weekly and keep 4 weeks back. That's for everything: system logs, mail logs, web logs.
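
An added example, not part of the thread or of the Slicehost guide: a logrotate configuration that applies the split retention several posters describe, with about 2 weeks for the high-volume web access log and about 4 months for the low-volume auth and mail logs. The file name, log paths, ownership, nginx PID file and rsyslog helper are assumptions for a Debian-style system running nginx and rsyslog.

```conf
# /etc/logrotate.d/retention-example   (hypothetical file name)
# Assumed layout: Debian-style paths, nginx for web, rsyslog for auth/mail.
# If the distribution already ships stanzas for these files, change those
# instead of adding this file: logrotate rejects a log listed twice.

# Web access log: high volume, short retention (14 daily files, about 2 weeks).
/var/log/nginx/access.log {
    daily
    rotate 14
    compress
    # keep the newest rotated file uncompressed until the next run
    delaycompress
    missingok
    notifempty
    # assumed owner/group; not world-readable because it holds client IPs
    create 0640 www-data adm
    sharedscripts
    postrotate
        # nginx reopens its log files when it receives USR1
        if [ -f /run/nginx.pid ]; then kill -USR1 "$(cat /run/nginx.pid)"; fi
    endscript
}

# Auth and mail logs: low volume, kept longer for investigating an incident
# (16 weekly files, about 4 months).
/var/log/auth.log /var/log/mail.log {
    weekly
    rotate 16
    compress
    delaycompress
    missingok
    notifempty
    # assumed owner/group for these files
    create 0640 root adm
    sharedscripts
    postrotate
        # assumption: rsyslog writes these files and provides this helper
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
}
```

Running `logrotate -d` against the file prints what would be rotated without touching any logs.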
