[Rack] Baron Security
Jonathan Lassoff
jof at thejof.com
Tue Jan 22 21:41:57 UTC 2013
On Tue, Jan 22, 2013 at 1:34 PM, Michael C. Toren <mct at toren.net> wrote:
> On Tue, Jan 22, 2013 at 01:57:55AM -0800, Jonathan Lassoff wrote:
> > Maybe we should rotate or truncate the log after a while? Seems like
> > we're collecting info on users' comings and goings, and there's no real
> > reason to keep that forever.
>
> Yes, we should totally do that. We definitely do not want to keep the
> baron logfile around for very long.
>
> In addition to the su stuff I mentioned elsewhere in this thread, I just
> changed /etc/init/baron.conf to include the line "console log", and to
> remove the "--logfile" argument that's passed to baron. This redirects
> stdout and stderr to /var/log/upstart/<job-name>. There's some existing
> mechanism in Debian that rotates files in that directory, but I don't know
> offhand where it's configured. We'll want to find it, and tweak it so that
> it only saves N days of logs.
>
It's /etc/logrotate.d/upstart, which says:
/var/log/upstart/*.log {
daily
missingok
rotate 7
compress
notifempty
nocreate
}
So, it's a week's worth, rotating daily.
Seems fine to me.
Nice work!
--j
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/rack/attachments/20130122/602d0244/attachment.html>
More information about the Rack
mailing list