Friday 22 January 2016

How to block P2P using IPS

How to block P2P using IPS: An IPS is an intelligent device that uses signatures to inspect traffic patterns, and it can recognize an application from the signature it matches in the data packets.

What is P2P: Peer-to-peer (P2P) is a decentralized communications model in which each party has the same capabilities and either party can initiate a communication session. Unlike the client/server model, in which the client makes a service request and the server fulfills the request, the P2P network model allows each node to function as both a client and server.
These applications use dynamic ports and IP addresses, so they cannot be blocked by an ACL that matches on IP address and port. They can be blocked by NBAR or by an IPS using signatures.

Configuration for IPS to block P2P:
Cisco has retired the P2P signatures, and a retired signature cannot take any action even if it is enabled in the configuration. So there are three steps:
1. Change the signature from retired to active.
2. Change the severity level from low to medium.
3. Choose the action the signature takes.

Configuration by Command line:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
service signature-definition sig0
signatures 5534 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5534 1
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5534 2
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5535 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5536 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5768 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5771 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5806 0
alert-severity medium
engine meta
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5806 1
alert-severity medium
engine service-generic
event-action deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5806 2
alert-severity medium
engine service-generic
event-action deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5806 3
alert-severity medium
engine service-generic
event-action deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5806 4
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
exit
exit
signatures 7201 0
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 7202 0
alert-severity medium
engine service-p2p
event-action produce-alert
exit
status
enabled true
retired true
exit
exit
signatures 7203 0
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 7205 0
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
exit
signatures 11000 0
alert-severity medium
engine string-udp
event-action produce-alert|deny-packet-inline|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11000 1
alert-severity medium
engine string-udp
event-action produce-alert|deny-packet-inline|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11000 2
alert-severity medium
engine string-udp
event-action produce-alert|deny-packet-inline|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11000 3
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11001 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11001 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11002 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11002 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11003 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11003 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11004 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11004 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11005 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11005 1
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11005 2
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11006 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11006 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11007 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11007 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
exit
exit
signatures 11008 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11008 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11009 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11009 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
exit
exit
signatures 11010 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11010 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11011 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11011 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11012 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11012 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11013 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11013 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11014 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11015 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11016 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11017 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11017 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
exit
exit
signatures 11018 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11018 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11019 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11019 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11020 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11020 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|log-attacker-packets|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11020 2
alert-severity medium
engine fixed-udp
event-action deny-attacker-victim-pair-inline|deny-packet-inline|log-attacker-packets|produce-alert
exit
status
enabled true
retired false
exit
exit
signatures 11020 3
alert-severity medium
engine fixed-udp
event-action deny-attacker-victim-pair-inline|deny-packet-inline|log-attacker-packets|produce-alert
exit
status
enabled true
retired false
exit
exit
signatures 11020 4
alert-severity medium
engine fixed-udp
event-action deny-attacker-victim-pair-inline|deny-packet-inline|log-attacker-packets|produce-alert
exit
status
enabled true
retired false
exit
exit
signatures 11020 5
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11021 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11022 0
alert-severity medium
engine string-udp
event-action produce-alert|deny-packet-inline|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11022 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
retired false
exit
exit
signatures 11023 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11023 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
retired false
exit
exit
signatures 11024 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11025 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11026 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11027 0
alert-severity medium
engine string-udp
event-action produce-alert|deny-packet-inline|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11027 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
retired false
exit
exit
signatures 11028 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11029 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11030 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11031 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11032 0
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11033 0
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 15255 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 15574 0
alert-severity medium
engine fixed-tcp
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
exit
exit
signatures 15693 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 15693 1
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 16194 0
alert-severity medium
engine fixed-tcp
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 18183 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 18183 1
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 20360 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 20361 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 27560 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 30680 0
alert-severity medium
engine fixed-tcp
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
exit
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
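With this many stanzas it is easy to leave one signature retired or alert-only. The following check is an added example (not part of the original post, and not a Cisco tool) that parses the CLI text and reports which of the three steps above each signature fails; the function names are hypothetical, and a missing `retired` or `enabled` line is reported as "unset", meaning the listing does not set it explicitly and the sensor's effective value should be verified.

```python
import re

# Three stanzas copied from the listing above, embedded so the check runs offline.
SAMPLE_CONFIG = """\
service signature-definition sig0
signatures 7201 0
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 7202 0
alert-severity medium
engine service-p2p
event-action produce-alert
exit
status
enabled true
retired true
exit
exit
signatures 5806 4
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
exit
exit
exit
"""


def parse_signatures(text):
    """Return {(sig_id, subsig_id): settings} from 'signatures N M' stanzas."""
    sigs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"signatures (\d+) (\d+)", line)
        if header:
            current = sigs.setdefault((int(header[1]), int(header[2])), {})
        elif current is not None and " " in line:
            key, value = line.split(None, 1)
            if key == "event-action":
                current[key] = set(value.split("|"))
            elif key in ("alert-severity", "engine", "enabled", "retired"):
                current[key] = value
    return sigs


def audit(sigs):
    """Map each signature to the steps from the page that it does not satisfy."""
    findings = {}
    for sig, cfg in sigs.items():
        problems = []
        if cfg.get("retired") != "false":  # step 1: must be un-retired
            problems.append("retired=%s" % cfg.get("retired", "unset"))
        if cfg.get("enabled") != "true":
            problems.append("enabled=%s" % cfg.get("enabled", "unset"))
        if cfg.get("alert-severity") != "medium":  # step 2: severity per the page
            problems.append("severity=%s" % cfg.get("alert-severity", "unset"))
        # step 3: a signature that only produces alerts never blocks traffic
        if not any(a.startswith("deny-") for a in cfg.get("event-action", ())):
            problems.append("no deny action")
        if problems:
            findings[sig] = problems
    return findings


if __name__ == "__main__":
    for sig, problems in sorted(audit(parse_signatures(SAMPLE_CONFIG)).items()):
        print("signature %d/%d: %s" % (sig[0], sig[1], ", ".join(problems)))
```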

Tuesday 19 January 2016

Logrotate on Ubuntu

What is logrotate: Logrotate is a utility that manages the automatic rotation, removal and compression of log files on a system. It is an excellent tool for managing your logs and saving disk space. A simple yet powerful configuration file controls the different parameters of log rotation. This gives complete control over the way logs are automatically managed and does not require manual intervention.

How to install:

Step 1—Update System and System Packages

Run the following command to update the package lists from apt-get and get the information on the newest versions of packages and their dependencies.

#sudo apt-get update

Step 2—Install Logrotate

#sudo apt-get install logrotate

Step 3 — Confirmation

To verify that logrotate was successfully installed, run this in the command prompt.

#logrotate
++++++++++++++++++++++++++++++++++++++++++++++++++++++
# logrotate
logrotate 3.7.8 - Copyright (C) 1995-2001 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License
++++++++++++++++++++++++++++++++++++++++++++++++++++++
Since the logrotate utility is based on configuration files, the above command will not rotate any files and will show you a brief overview of the usage and the switch options available.

Step 4—Configure Logrotate

Configurations and default options for the logrotate utility are present in:

#/etc/logrotate.conf

Some of the important configuration settings are: rotation-interval, log-file-size, rotation-count and compression.

Application-specific log file information (to override the defaults) is kept at:

#/etc/logrotate.d/

Below is a configuration example of logrotate for the rsyslog application.

Example:
#vim /etc/logrotate.d/rsyslog
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
/var/log/log_folder/*.*/syslog.log
{
        rotate 7
        daily
        missingok
        notifempty
        delaycompress
        compress
        postrotate
                reload rsyslog >/dev/null 2>&1 || true
        endscript
}
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

What this means is that:
  • the logrotation for dpkg monitors the /var/log/dpkg.log file and does this on a monthly basis - this is the rotation interval.
  • 'rotate 12' signifies that 12 days' worth of logs would be kept.
  • logfiles can be compressed using the gzip format by specifying 'compress', and 'delaycompress' delays the compression process till the next log rotation. 'delaycompress' will work only if the 'compress' option is specified.
  • 'missingok' avoids halting on any error and carries on with the next log file.
  • 'notifempty' avoids log rotation if the logfile is empty.
  • 'create <mode> <owner> <group>' creates a new empty file with the specified properties after log rotation.
Step 5—Cron Job

You can also run logrotate as a cron job so that the manual process can be avoided and rotation is taken care of automatically. With an entry in /etc/cron.daily/logrotate, the rotation is triggered daily.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
output of /etc/cron.daily/logrotate
/etc/cron.daily# cat logrotate

#!/bin/sh

# Clean non existent log file entries from status file
cd /var/lib/logrotate
test -e status || touch status
head -1 status > status.clean
sed 's/"//g' status | while read logfile date
do
    [ -e "$logfile" ] && echo "\"$logfile\" $date"
done >> status.clean
mv status.clean status

test -x /usr/sbin/logrotate || exit 0
/usr/sbin/logrotate /etc/logrotate.conf


++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Step 6—Status Check and Verification

To verify if a particular log is indeed rotating or not and to check the last date and time of its rotation, check the /var/lib/logrotate/status file. This is a neatly formatted file that contains the log file name and the date on which it was last rotated.

cat /var/lib/logrotate/status

:/var/lib/logrotate# cat status | grep /xxxx/
"/var/log/xxxx/10.x.x.x/syslog.log" 2016-1-19
"/var/log/xxxx/10.x.x.x/syslog.log" 2016-1-19
"/var/log/xxxx/10.x.x.x/syslog.log" 2016-1-19
"/var/log/xxxx/127.x.x.x/syslog.log" 2016-1-19
"/var/log/xxxx/10.x.x.x/syslog.log" 2016-1-19

Note: logrotate reads this file to find out when the last rotation of each log took place, so that it can decide when to take action for a new rotation.
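The status check in Step 6 can be automated. The following is an added example (not part of the original post) that parses the status file format shown above and reports logs whose last rotation is older than expected, or that have no entry at all; the sample paths, dates and function names are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample of /var/lib/logrotate/status (paths and dates are made up).
SAMPLE_STATUS = """\
logrotate state -- version 2
"/var/log/example/10.0.0.1/syslog.log" 2016-1-19
"/var/log/example/10.0.0.2/syslog.log" 2016-1-12
"/var/log/auth.log" 2016-1-17-6:25:1
"""

# A quoted path followed by year-month-day; anything after the day is ignored.
ENTRY = re.compile(r'"(?P<path>[^"]+)"\s+(?P<y>\d+)-(?P<m>\d+)-(?P<d>\d+)')


def parse_status(text):
    """Return {log path: date of last rotation}; the header line is skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # some logrotate versions append -H:M:S; only the date is used
            entries[m["path"]] = date(int(m["y"]), int(m["m"]), int(m["d"]))
    return entries


def rotation_report(text, expected, today, max_age_days=1):
    """Check the logs in `expected` against the status file contents.

    'stale' lists logs last rotated more than max_age_days before `today`.
    'never_rotated' lists logs with no entry; the cron script shown in Step 5
    also drops entries for files that no longer exist, so check that too.
    """
    entries = parse_status(text)
    stale = [p for p in expected
             if p in entries and (today - entries[p]).days > max_age_days]
    missing = [p for p in expected if p not in entries]
    return {"stale": sorted(stale), "never_rotated": sorted(missing)}


if __name__ == "__main__":
    expected_logs = [
        "/var/log/example/10.0.0.1/syslog.log",
        "/var/log/example/10.0.0.2/syslog.log",
        "/var/log/example/10.0.0.3/syslog.log",
    ]
    report = rotation_report(SAMPLE_STATUS, expected_logs, date(2016, 1, 19))
    for kind, paths in report.items():
        for path in paths:
            print("%s: %s" % (kind, path))
```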