Maldet - log rotation - howto ?

jarecki74

Active Member
Oct 10, 2010
33
1
58
I would like to enable maldet INOTIFY MONITORING

http://www.rfxn.com/appdocs/README.maldetect

maldet --monitor /home/*/public_html,/home2/*/public_html

and enable logrotate to file /usr/local/maldetect/event_log


if it is properly ?

in directory /etc/logrotate.d i must create file maldet.inotify

and add logrotation rule

/usr/local/maldetect/event_log {
daily
minsize 1M
create 0600 root root
rotate 1
}
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

Yes, assuming you have already installed Maildet, that would be a valid way of setting up log rotation for the event_log file.

Thank you.
 

jarecki74

Active Member
Oct 10, 2010
33
1
58
I checked the configuration and does not work

/etc/logrotate.d/maldet_inotify

minisize is set to 1M , my log file have 3M

/usr/local/maldetect/event_log {
daily
minsize 1M
create 0600 root root
rotate 1
}

can someone help me set it up please
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
You can try manually running logrotate via:

Code:
/usr/sbin/logrotate -vf /etc/logrotate.conf
Look for output related to your maldet log to see if any problems show up.

Thank you.
 

jarecki74

Active Member
Oct 10, 2010
33
1
58
You can try manually running logrotate via:

Code:
/usr/sbin/logrotate -vf /etc/logrotate.conf

Look for output related to your maldet log to see if any problems show up.

Thank you.

new file created ok, but new log is empty
------------------------------------------------------------------------------
[email protected] [/usr/local/maldetect/inotify]# tail -f 40 /usr/local/maldetect/inotify/inotify_log
tail: cannot open `40' for reading: No such file or directory
==> /usr/local/maldetect/inotify/inotify_log <==

----------------------------------------------------------------

drwxr-xr-x 2 root root 4096 Jul 27 10:20 ./
drwxr-xr-x 9 root root 4096 Jul 27 10:14 ../
-rw------- 1 root root 0 Jul 27 10:20 inotify_log
-rw------- 1 root root 20 Jul 27 10:20 inotify_log-20130727.gz
-rwxr-x--- 1 root root 37272 May 12 2010 inotifywait*
-rwxr-x--- 1 root root 67425 Oct 15 2009 libinotifytools.so.0*
-rwxr-x--- 1 root root 2489 Jan 9 2012 tlog*
[email protected] [/usr/local/maldetect/inotify]#

--------------------------------------------------------------------
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Are you sure new entries are not logged to this file? Or, is it only empty because it was recently rotated?

Thank you.
 

jarecki74

Active Member
Oct 10, 2010
33
1
58
log is fine now, i did delete log file and run /usr/sbin/logrotate -vf /etc/logrotate.conf. a new file is created automatically

i must add to crontab after reboot system command maldet --monitor /home/*/public_html,/home2/*/public_html

if it is properly ?

crontab -e

@reboot maldet --monitor /home/*/public_html,/home2/*/public_html