Log retention to suit legal regulations

phoenixweb

Well-Known Member
Jun 3, 2004
70
0
156
cPanel Access Level
DataCenter Provider
Hi everybody,

as a provider, in italy, we should retain logs (http, ftp, mail & ssh) for 2 years.
This means that we have to store a large amount of data.

I read both forum and docs about cpanel log rotation tools and I see that it doesn't suit this need:

1) domlogs (http/ftp) are not archived due to the need to run statistic / forensic
They can be just deleted after stats are runned or leave there indefinitly

2) exim logs are leaved in /var/log indefinitly

3) as far as i know there is no a ssh logger installed (but maybe i'm in wrong)

Does anybody already found a solution to the storage of these logs?
I think the best solutions should be:
- include these logs in the log rotation system
- allow to FTP logs on a remote repository (in order to avoid space fill up)


Thanks,
Max
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello :)

1. You do not have to delete the Apache domlogs. You can retain them when statistics are generated by turning off the following option under "Stats and Logs" in "WHM Home » Server Configuration » Tweak Settings":

"Delete each domain’s access logs after stats run"

2. Yes, Exim activity is stored in:

/var/log/exim_mainlog
/var/log/exim_rejectlog

You can configure logortate to archive these log files at your own preference.

3. SSH login activity is stored in:

/var/log/secure

Commands are also stored in the bash history files (e.g. /root/.bash_history).

Thank you.
 

phoenixweb

Well-Known Member
Jun 3, 2004
70
0
156
cPanel Access Level
DataCenter Provider
Hello :)

1. You do not have to delete the Apache domlogs. You can retain them when statistics are generated by turning off the following option under "Stats and Logs" in "WHM Home » Server Configuration » Tweak Settings":

"Delete each domain’s access logs after stats run"
Yes i didn't delete theme but i cannot even touch them or rotate them as soon as i'm going to lose statistics (there is no a hook after the stats are processed in order to copy and archive old domlogs).

2. Yes, Exim activity is stored in:

/var/log/exim_mainlog
/var/log/exim_rejectlog

You can configure logortate to archive these log files at your own preference.
This is good.
I see that is not possible to conifigure through WHM.
Should I edit the configuration file directly?


3. SSH login activity is stored in:

/var/log/secure

Commands are also stored in the bash history files (e.g. /root/.bash_history).

Thank you.
This is very good. I'm going to meet this file. ;)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
1. You can enable "Keep log files at the end of the month" under "Stats and Logs" in "Tweak Settings" if you want to save the Apache domlogs and avoid touching the active domlogs. However, keep in mind this can utilize a large amount of disk space.

2. Yes, LogRotate should be configured directly because it's an OS package.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
another question, but what if I just store the server apache access logs before it's splitted in separate domlogs for domains? Is it possible?
You could develop a bash script that combines all of the Apache domlogs into one single log file after the initial logging. However, I am not aware of any Apache configuration values that will keep all the domain access logs in a single file from the start.

Thank you.