Dans /etc/openvpn/common.conf, la configuration indique que le niveau de verbosité de nos logs est actuellement de 4 :
; Logs verb 4
Doc de la page de man openvpn sur l'option verb
:
--verb n Set output verbosity to n (default=1). Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output. 0 -- No output except fatal errors. 1 to 4 -- Normal usage range. 5 -- Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets. 6 to 11 -- Debug info range (see errlevel.h for additional information on debug levels).
Proposition : mettre le niveau de verbosité à 3 suite aux informations de la page de man.
Ensuite pour ne conserver que deux semaines de logs, cela se gère avec logrotate. Le fichier de conf est /etc/logrotate.conf
.
Cf : voir la documentation syslog-ng sur la configuration de la rotation des logs : https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/example-logrotate.html
Éléments importants du fichier de configuration actuelle :
# rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create
Proposition : configurer pour conserver 2 semaines et recréer les fichiers à chaque fois pour tous les logs
# see "man logrotate" for details # rotate log files weekly weekly # keep 2 weeks worth of backlogs rotate 2 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed #compress # packages drop log rotation information into this directory include /etc/logrotate.d # no packages own wtmp, or btmp -- we'll rotate them here /var/log/wtmp { missingok monthly create 0664 root utmp rotate 1 } /var/log/btmp { missingok monthly create 0660 root utmp rotate 1 } # system-specific logs may be configured here
ou : configurer uniquement la rotation toutes les deux semaines pour les logs dans daemon.log
# see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed #compress # packages drop log rotation information into this directory include /etc/logrotate.d # no packages own wtmp, or btmp -- we'll rotate them here /var/log/wtmp { missingok monthly create 0664 root utmp rotate 1 } /var/log/btmp { missingok monthly create 0660 root utmp rotate 1 } # system-specific logs may be configured here /var/log/daemon.log { #Rotation des logs toutes les deux semaines rotate 2 weekly postrotate #Fermeture de tous les fichiers syslog /usr/bin/killall -HUP syslogd endscript }