Log File Retention

Hello,

Please forgive me if this is in the wrong place. It seems like it should maybe go in the Feature Requests area, but I don't seem to be able to post anything there.

I was reading this thread: http://forums.cpanel.net/f145/stop-deleting-domlogs-every-24h-default-better-domlog-rotation-options-290111.html (ideally would reply there but I don't seem to have permission to, or it's closed/locked). Does anyone know of any better options for log file retention? I ran into the same problem as the OP of that thread, where I went to investigate a client's site that had been hacked through WordPress and was sending out a ton of spam, but it only had access logs going back to this morning, so I have no useful information about where the hacking actually took place.

Ideally I'd like somewhere between a week and a month of access log data retained, is there any way to do that? Just now I turned "Delete each domain’s access logs after stats run" from On to Off in Tweak Settings, but I get the impression that just starts generating data and doesn't remove it anymore? Is there any way to do a server wide system similar to the individual CPanel site option of archiving the logs in the home directory?

Thanks for any insight anyone can provide into this or CPanel/WHM logging behaviour in general.

David

 

After some more reading and playing, it would appear the feature does work properly, just you don't quite have the amount of control I'd like. I found this thread: http://forums.cpanel.net/f334/possible-set-default-value-domlog-archiving-whm-151269.html which details how to set the daily archiving and monthly rotation as defaults on a new account creation, so between that and setting all existing accounts to do that I should have a month of log files for all accounts (going forward anyways, doesn't help with my current hacking investigation). In the future some more options (additional time control beyond month or forever retention, and the ability to prevent users from turning logging off, for examples) in this area would be very helpful. There are quite a few other threads out there on this issue so I don't appear to be alone in this.

David