Log retention to suit legal regulations

phoenixweb

Well-Known Member
Hi everybody,

as a provider in Italy, we should retain logs (HTTP, FTP, mail & SSH) for 2 years.
This means that we have to store a large amount of data.

I read both the forum and the docs about cPanel log rotation tools and I see that they don't suit this need:

1) domlogs (http/ftp) are not archived due to the need to run statistics / forensics.
They can just be deleted after stats are run or left there indefinitely.

2) exim logs are left in /var/log indefinitely

3) as far as I know there is no SSH logger installed (but maybe I'm wrong)

Has anybody already found a solution for the storage of these logs?
I think the best solutions would be:
- include these logs in the log rotation system
- allow FTPing the logs to a remote repository (in order to avoid filling up the space)


Thanks,
Max
 

cPanelMichael

Administrator
Staff member
Hello :)

1. You do not have to delete the Apache domlogs. You can retain them when statistics are generated by turning off the following option under "Stats and Logs" in "WHM Home » Server Configuration » Tweak Settings":

"Delete each domain’s access logs after stats run"

2. Yes, Exim activity is stored in:

/var/log/exim_mainlog
/var/log/exim_rejectlog

You can configure logrotate to archive these log files at your own preference.

3. SSH login activity is stored in:

/var/log/secure

Commands are also stored in the bash history files (e.g. /root/.bash_history).

Thank you.
 

phoenixweb

Well-Known Member
> Hello :)
>
> 1. You do not have to delete the Apache domlogs. You can retain them when statistics are generated by turning off the following option under "Stats and Logs" in "WHM Home » Server Configuration » Tweak Settings":
>
> "Delete each domain’s access logs after stats run"

Yes, I didn't delete them, but I cannot even touch them or rotate them, as I'm going to lose statistics (there is no hook after the stats are processed in order to copy and archive old domlogs).

> 2. Yes, Exim activity is stored in:
>
> /var/log/exim_mainlog
> /var/log/exim_rejectlog
>
> You can configure logrotate to archive these log files at your own preference.

This is good.
I see that it is not possible to configure it through WHM.
Should I edit the configuration file directly?

> 3. SSH login activity is stored in:
>
> /var/log/secure
>
> Commands are also stored in the bash history files (e.g. /root/.bash_history).
>
> Thank you.

This is very good. I'm going to meet this file. ;)
 

cPanelMichael

Administrator
Staff member
1. You can enable "Keep log files at the end of the month" under "Stats and Logs" in "Tweak Settings" if you want to save the Apache domlogs and avoid touching the active domlogs. However, keep in mind this can utilize a large amount of disk space.

2. Yes, LogRotate should be configured directly because it's an OS package.

Thank you.
 

cPanelMichael

Administrator
Staff member
> Another question: what if I just store the server Apache access logs before they are split into separate domlogs for domains? Is it possible?

You could develop a bash script that combines all of the Apache domlogs into one single log file after the initial logging. However, I am not aware of any Apache configuration values that will keep all the domain access logs in a single file from the start.

Thank you.
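
An added example, not part of any post in this thread and not cPanel code: a shell sketch of the archiving step discussed above, which copies a log into a compressed, hashed archive without touching the live file, then verifies and prunes by age. The function names, the archive layout and `RETENTION_DAYS` are assumptions, GNU coreutils/findutils are assumed, and copying the archive directory to a remote host is left to whatever transfer tool is in use.

```shell
#!/usr/bin/env bash
# Added example (constructed): archive a log with an integrity hash, verify, prune.
# RETENTION_DAYS and the archive layout are assumptions, not cPanel settings.
RETENTION_DAYS="${RETENTION_DAYS:-730}"   # about the 2 years named in the thread

# archive_log <logfile> <archive_dir>: prints the path of the new .gz archive.
# The source log is only read, never moved or truncated, so stats runs still see it.
archive_log() {
    local src="$1" dest_dir="$2" stamp base out
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$dest_dir" || return 1
    stamp="$(date -u +%Y%m%dT%H%M%SZ)"
    base="$(basename "$src")"
    out="$dest_dir/$base-$stamp.gz"
    [ ! -e "$out" ] || { echo "refusing to overwrite $out" >&2; return 1; }
    gzip -c "$src" > "$out.tmp" || { rm -f "$out.tmp"; return 1; }
    mv "$out.tmp" "$out"
    # Record a SHA-256 next to the archive so later corruption or edits are detectable.
    ( cd "$dest_dir" && sha256sum "$base-$stamp.gz" > "$base-$stamp.gz.sha256" ) || return 1
    chmod 0440 "$out" "$out.sha256"
    printf '%s\n' "$out"
}

# verify_archives <archive_dir>: returns non-zero if any archive fails its hash.
verify_archives() {
    local dir="$1" f rc=0
    for f in "$dir"/*.sha256; do
        [ -e "$f" ] || continue
        ( cd "$dir" && sha256sum -c "$(basename "$f")" >/dev/null ) || rc=1
    done
    return "$rc"
}

# prune_archives <archive_dir>: delete archives and hashes older than RETENTION_DAYS.
prune_archives() {
    find "$1" -maxdepth 1 -type f \( -name '*.gz' -o -name '*.sha256' \) \
        -mtime +"$RETENTION_DAYS" -print -delete
}
```

Retention here is counted from the time the archive was written, not from the timestamps inside the log, so the window starts when `archive_log` runs.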