Hi all
We've had new servers coming in and one of the requirement was to keep logs for up to 8 months. I know logrotate can do the job, but by default (on Suse Enterprise10, 11) we have these logs in /etc/logrotate.d dir as default logs which are rotated:
-rw-r--r-- 1 root root 140 Jul 23 2004 xdm
-rw-r--r-- 1 root root 134 Feb 21 2009 wtmp
-rw-r--r-- 1 root root 129 Feb 24 2009 scpm
-rw-r--r-- 1 root root 137 Apr 23 2010 zypp-history.lr
-rw-r--r-- 1 root root 200 May 5 2010 xinetd
-rw-r--r-- 1 root root 1337 May 5 2010 syslog
-rw-r--r-- 1 root root 225 May 5 2010 openslp-server
-rw-r--r-- 1 root root 187 May 8 2010 ntp
-rw-r--r-- 1 root root 289 May 8 2010 samba
-rw-r--r-- 1 root root 134 May 9 2010 zypper.lr
-rw-r--r-- 1 root root 139 May 9 2010 zypp-refresh.lr
-rw-r--r-- 1 root root 141 May 12 2010 rsync
Any idea on which additional logs are worth keeping for a long period of time (for audit and user logins & security purposes)? Part of the requirement were for access log but as I checked on the server, there's no access_log or access.log. (I did a find, and a whereis)
thank you..appreciate your inputs