The Community Forums

Interact with an entire community of cPanel & WHM users!

Maldet - log rotation - howto ?

Discussion in 'Security' started by jarecki74, Jul 24, 2013.

  1. jarecki74

    jarecki74 Member

    I would like to enable maldet INOTIFY MONITORING

    http://www.rfxn.com/appdocs/README.maldetect

    maldet --monitor /home/*/public_html,/home2/*/public_html

    and enable logrotate for the file /usr/local/maldetect/event_log.

    Is this correct?

    In the directory /etc/logrotate.d I must create the file maldet.inotify

    and add a log rotation rule:

    /usr/local/maldetect/event_log {
    daily
    minsize 1M
    create 0600 root root
    rotate 1
    }
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Yes, assuming you have already installed Maldet, that would be a valid way of setting up log rotation for the event_log file.

    Thank you.
     
  3. jarecki74

    jarecki74 Member

    I checked the configuration and it does not work.

    /etc/logrotate.d/maldet_inotify

    minsize is set to 1M, my log file is 3M

    /usr/local/maldetect/event_log {
    daily
    minsize 1M
    create 0600 root root
    rotate 1
    }

    Can someone help me set it up, please?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    You can try manually running logrotate via:

    Code:
    /usr/sbin/logrotate -vf /etc/logrotate.conf
    Look for output related to your maldet log to see if any problems show up.

    Thank you.
     
  5. jarecki74

    jarecki74 Member

    New file created OK, but the new log is empty.
    ------------------------------------------------------------------------------
    root@masterhost [/usr/local/maldetect/inotify]# tail -f 40 /usr/local/maldetect/inotify/inotify_log
    tail: cannot open `40' for reading: No such file or directory
    ==> /usr/local/maldetect/inotify/inotify_log <==

    ----------------------------------------------------------------

    drwxr-xr-x 2 root root 4096 Jul 27 10:20 ./
    drwxr-xr-x 9 root root 4096 Jul 27 10:14 ../
    -rw------- 1 root root 0 Jul 27 10:20 inotify_log
    -rw------- 1 root root 20 Jul 27 10:20 inotify_log-20130727.gz
    -rwxr-x--- 1 root root 37272 May 12 2010 inotifywait*
    -rwxr-x--- 1 root root 67425 Oct 15 2009 libinotifytools.so.0*
    -rwxr-x--- 1 root root 2489 Jan 9 2012 tlog*
    root@masterhost [/usr/local/maldetect/inotify]#

    --------------------------------------------------------------------
     
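An added example, not part of any post in this thread and not maldet or cPanel code: assuming the monitor keeps its log descriptor open across rotation, this constructed shell demo shows that rename-and-`create` rotation sends later events to the rotated file and leaves the new log empty, while copy-then-truncate (what logrotate's `copytruncate` directive does) keeps them in the live log. The function name, FIFO names and temporary paths are hypothetical.

```shell
#!/bin/sh
# Constructed demo, not maldet code: a stand-in writer opens its log once in
# append mode and keeps that descriptor across the rotation (assumption).
# rotation_demo MODE prints "live=<lines> rotated=<lines>" for the two files.
rotation_demo() {
    mode=$1
    case $mode in create|copytruncate) ;; *) return 2 ;; esac
    dir=$(mktemp -d) || return 1
    log=$dir/inotify_log
    mkfifo "$dir/ready" "$dir/go"
    : > "$log"
    (
        exec >> "$log"                  # one open(), O_APPEND, held until exit
        echo "event before rotation"
        echo ready > "$dir/ready"       # tell the parent the log is open
        read -r sig < "$dir/go"         # block until the rotation is done
        echo "event after rotation"
    ) &
    writer=$!
    read -r sig < "$dir/ready"          # wait for the writer's first event
    case $mode in
        create)                         # rename, then create a fresh file
            mv "$log" "$log.1"
            ( umask 077; : > "$log" )
            ;;
        copytruncate)                   # copy, then truncate the same inode
            cp "$log" "$log.1"
            : > "$log"
            ;;
    esac
    echo go > "$dir/go"                 # release the writer
    wait "$writer"
    echo "live=$(($(wc -l < "$log"))) rotated=$(($(wc -l < "$log.1")))"
    rm -rf "$dir"
}

rotation_demo create          # live=0 rotated=2
rotation_demo copytruncate    # live=1 rotated=1
```

With `create`, the writer has to reopen its log (for example by being restarted) before new events reach the live file.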
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

  7. jarecki74

    jarecki74 Member

    The log is fine now. I deleted the log file and ran /usr/sbin/logrotate -vf /etc/logrotate.conf. A new file is created automatically.

    I must add to crontab the command maldet --monitor /home/*/public_html,/home2/*/public_html to run after a system reboot.

    Is this correct?

    crontab -e

    @reboot maldet --monitor /home/*/public_html,/home2/*/public_html
     
  8. 24x7server

    24x7server Well-Known Member
