[Rack] Baron Security

Michael C. Toren mct at toren.net
Tue Jan 22 21:34:17 UTC 2013


On Tue, Jan 22, 2013 at 01:57:55AM -0800, Jonathan Lassoff wrote:
> Maybe we should rotate or truncate the log after a while? Seems like
> we're collecting info on users' comings and goings, and there's no real
> reason to keep that forever.

Yes, we should totally do that.  We definitely do not want to keep the
baron logfile around for very long.

In addition to the su stuff I mentioned elsewhere in this thread, I just
changed /etc/init/baron.conf to include the line "console log", and to
remove the "--logfile" argument that's passed to baron.  This redirects
stdout and stderr to /var/log/upstart/<job-name>.  There's some existing
mechanism in Debian that rotates files in that directory, but I don't know
offhand where it's configured.  We'll want to find it, and tweak it so that
it only saves N days of logs.

How many days is it appropriate to save?  5?

-mct



More information about the Rack mailing list