Log management

Services

VPN

In /etc/openvpn/common.conf, the configuration currently sets the verbosity level of our logs to 4:

; Logs
verb 4

The openvpn man page documents the verb option as follows:

       --verb n
              Set  output  verbosity  to n (default=1).  Each level shows all info from the previous levels.  Level 3 is recommended if you want a
              good summary of what's happening without being swamped by output.

              0 -- No output except fatal errors.
              1 to 4 -- Normal usage range.
              5 -- Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is
              used for TUN/TAP packets.
              6 to 11 -- Debug info range (see errlevel.h for additional information on debug levels).

Proposal: set the verbosity level to 3, following the information in the man page.

Next, keeping only two weeks of logs is handled by logrotate, whose configuration file is /etc/logrotate.conf. See the syslog-ng documentation on configuring log rotation: https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/example-logrotate.html

Important elements of the current configuration file:

# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

Proposal: configure logrotate to keep 2 weeks and recreate the files on each rotation, for all logs

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 2 weeks worth of backlogs
rotate 2

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0660 root utmp
    rotate 1
}

# system-specific logs may be configured here

or: apply the two-week rotation only to the logs in daemon.log

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0660 root utmp
    rotate 1
}

# system-specific logs may be configured here
/var/log/daemon.log {
    # Rotate weekly and keep two rotated files (two weeks of logs)
    rotate 2
    weekly
    postrotate
        # Signal syslogd to close and reopen its log files
        /usr/bin/killall -HUP syslogd
    endscript
}
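
To compare the two proposals, the following added example (not part of the original page) computes how many days of rotated logs each stanza keeps and flags anything above the two-week target. The sample configuration is constructed from the second proposal, the function names are hypothetical, months are approximated as 30 days, and files pulled in by include are not followed.

```python
PERIOD_DAYS = {"daily": 1, "weekly": 7, "monthly": 30, "yearly": 365}  # month ~ 30 days
SCRIPTS = ("postrotate", "prerotate", "firstaction", "lastaction")
# Constructed sample: the second proposal, reduced to retention-related directives.
SAMPLE_CONF = """\
weekly
rotate 4
/var/log/wtmp {
    monthly
    rotate 1
}
/var/log/daemon.log {
    rotate 2
    weekly
    postrotate
        /usr/bin/killall -HUP syslogd
    endscript
}
"""

def _days(s):
    return PERIOD_DAYS[s["period"]] * s["rotate"] if s["period"] else None

def retention_days(conf_text):
    """Map each log path to the approximate days of rotated logs it keeps."""
    globals_ = {"period": None, "rotate": 0}    # logrotate's default for rotate is 0
    scope, paths, in_script, result = globals_, [], False, {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if in_script or not line:               # skip blanks and script bodies
            in_script = in_script and line != "endscript"
            continue
        words = line.split()
        if words[0] in SCRIPTS:
            in_script = True
        elif line.endswith("{"):                # stanza inherits globals seen so far
            paths, scope = line[:-1].split(), dict(globals_)
        elif line == "}":                       # stanza closed: record its retention
            result.update({p: _days(scope) for p in paths})
            scope, paths = globals_, []
        elif words[0] in PERIOD_DAYS:
            scope["period"] = words[0]
        elif words[0] == "rotate" and len(words) == 2 and words[1].isdigit():
            scope["rotate"] = int(words[1])
    result["(default)"] = _days(globals_)
    return result

def over_limit(conf_text, max_days=14):
    """Paths (or the global default) keeping rotated logs longer than max_days."""
    return sorted(p for p, d in retention_days(conf_text).items() if d and d > max_days)
```

The count covers rotated files only: the active log file is kept in addition, so the data on disk can span up to one more rotation period.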

Resources (may be useful)

https://linuxconfig.org/logrotate

https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/example-logrotate.html

http://www.wpollock.com/AUnix2/Logging.htm