The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Log retention to suit legal regulations

Discussion in 'Data Protection' started by phoenixweb, Aug 23, 2013.

  1. phoenixweb

    phoenixweb Well-Known Member

    Joined:
    Jun 3, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    Hi everybody,

    as a provider, in italy, we should retain logs (http, ftp, mail & ssh) for 2 years.
    This means that we have to store a large amount of data.

    I read both forum and docs about cpanel log rotation tools and I see that it doesn't suit this need:

    1) domlogs (http/ftp) are not archived due to the need to run statistic / forensic
    They can be just deleted after stats are runned or leave there indefinitly

    2) exim logs are leaved in /var/log indefinitly

    3) as far as i know there is no a ssh logger installed (but maybe i'm in wrong)

    Does anybody already found a solution to the storage of these logs?
    I think the best solutions should be:
    - include these logs in the log rotation system
    - allow to FTP logs on a remote repository (in order to avoid space fill up)


    Thanks,
    Max
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    1. You do not have to delete the Apache domlogs. You can retain them when statistics are generated by turning off the following option under "Stats and Logs" in "WHM Home » Server Configuration » Tweak Settings":

    "Delete each domain’s access logs after stats run"

    2. Yes, Exim activity is stored in:

    /var/log/exim_mainlog
    /var/log/exim_rejectlog

    You can configure logortate to archive these log files at your own preference.

    3. SSH login activity is stored in:

    /var/log/secure

    Commands are also stored in the bash history files (e.g. /root/.bash_history).

    Thank you.
     
  3. phoenixweb

    phoenixweb Well-Known Member

    Joined:
    Jun 3, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    Yes i didn't delete theme but i cannot even touch them or rotate them as soon as i'm going to lose statistics (there is no a hook after the stats are processed in order to copy and archive old domlogs).

    This is good.
    I see that is not possible to conifigure through WHM.
    Should I edit the configuration file directly?


    This is very good. I'm going to meet this file. ;)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    1. You can enable "Keep log files at the end of the month" under "Stats and Logs" in "Tweak Settings" if you want to save the Apache domlogs and avoid touching the active domlogs. However, keep in mind this can utilize a large amount of disk space.

    2. Yes, LogRotate should be configured directly because it's an OS package.

    Thank you.
     
  5. phoenixweb

    phoenixweb Well-Known Member

    Joined:
    Jun 3, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    Thank you Michael,

    another question, but what if I just store the server apache access logs before it's splitted in separate domlogs for domains?
    Is it possible?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You could develop a bash script that combines all of the Apache domlogs into one single log file after the initial logging. However, I am not aware of any Apache configuration values that will keep all the domain access logs in a single file from the start.

    Thank you.
     
Loading...

Share This Page