ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Correct configuration for Ubuntu 12.04 (log file locations)

https://mail.forum.configserver.com/viewtopic.php?t=6615

Page 1 of 1

Correct configuration for Ubuntu 12.04 (log file locations)

Posted: 03 Jun 2013, 20:18
by Mannekino
Hi,

I recently installed CSF on two servers, one is a Debian Wheezy (7.0) and the other Ubuntu Precise (12.04). I noticed on the Debian server that I have two files ("iptables_log" and "lfdmain") in the "/etc/csf/stats/" folder but these files are not present on the Ubuntu server. I did some further digging and I noticed that on the Debian server I have a "/var/log/messages" file but on the Ubuntu server this log file is missing.

I see in my "csf.conf" the following log files are specified. Since "/var/log/messages" is missing on the Ubuntu server should I point those to "/var/log/syslog" instead? Does this file contain everything CSF needs to function correctly? Also are there any other settings that I need to look at for CSF to be fully functional on my Ubuntu 12.04 server? Any advice is appreciated.
  • HTACCESS_LOG = "/var/log/apache2/error.log"
  • MODSEC_LOG = "/var/log/apache2/error.log"
  • SSHD_LOG = "/var/log/auth.log"
  • SU_LOG = "/var/log/messages"
  • FTPD_LOG = "/var/log/messages"
  • SMTPAUTH_LOG = "/var/log/secure"
  • POP3D_LOG = "/var/log/mail.log"
  • IMAPD_LOG = "/var/log/mail.log"
  • IPTABLES_LOG = "/var/log/messages"
  • SUHOSIN_LOG = "/var/log/messages"
  • BIND_LOG = "/var/log/messages"
  • SYSLOG_LOG = "/var/log/messages"
Regards,

Mannekino

Re: Correct configuration for Ubuntu 12.04 (log file locatio

Posted: 06 Jun 2013, 16:31
by chatwizrd
Every ubuntu server I have has a /var/log/messages. Why would it be missing on yours?

Re: Correct configuration for Ubuntu 12.04 (log file locatio

Posted: 04 May 2014, 14:43
by rholmes
You've probably answered this yourself, but yes, 12.* and 14.* Ubuntu have removed /var/log/messages from their default configuration.

There is debate on whether that's the best, but since 'messages' info is duplicated elsewhere, the default has been changed.

You can re-enable /var/log/messages by editing /etc/rsyslog.d/50-default.conf: Uncomment the following:

Code: Select all

        *.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none -/var/log/messages
Or you can modify /etc/csf/csf.conf to point to the right place (I believe that /var/log/syslog will work, but haven't tried it).

See:
EDIT: I'm not allowed to post urls, but you can google askubuntu site for "where is var log messages" and there's an official release on that. You can also look on bugs dot launchpad dot net -- there's a post on bug 762505 against rsyslog which outlines some of the debate by the Ubuntu folks.

Not sure how one get's authorized to publish links here - this is my first post...
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited