Here is a suggestion for a default config for logrotate: # see "man logrotate" for details # rotate log files weekly weekly # keep 52 weeks worth of backlogs rotate 52 # send errors to root errors root # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed compress include /etc/logrotate.d # no packages own lastlog or wtmp -- we'll rotate them here /var/log/wtmp { rotate 10 }
Remember to mkdir /etc/logrotate.d Also this seems not to work: # send errors to root errors root
I recommend this instead (ripped and modified from Redhat): # see "man logrotate" for details # rotate log files weekly weekly #daily # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed compress # RPM packages drop log rotation information into this directory include /etc/logrotate.d notifempty nomail noolddir # no packages own lastlog or wtmp -- we'll rotate them here /var/log/wtmp { monthly create 0664 root utmp rotate 1 } # system-specific logs may be also be configured here.
I think the european law wants you to keep 1 year of logging. So Michael's 4 weeks should be 52 instead. If people have a lot of logging so they do not have the space to keep 1 year of compressed logfiles then they probably have to tune other logging parameters as well.
Do you have a url that talks about this? I'd be really suprised if any law anywhere specified how much logging was required for personal computer systems. Gentoo isn't primarily used in corporate settings at this time and in companies it is, it's that company's responsibility to comply with any local or national laws. I think the default should remain at one month as that is reasonable for personal users.
I cannot seem to find the law now. It was part of the terror-bill as I recall. But really: What is the problem in using 52 weeks instead? You use a bit more space. For a personal workstation this space is _very_ limited and for a commercial workstation this space is well used if I am right about the law. Could you elaborate on why you consider 4 weeks "reasonable"? IMHO I would find 52 weeks reasonable if the 51 weeks are compressed and not really taking up serious amount of space.
You identified the problem I have with changing to 52 weeks in your last comment: "You use a bit more space." I believe the current setting is adequate for a most people and the setting is easily changed locally by those, like you, who desire longer-lasting logging. In the absence of any confirmation regarding the legal requirement of individuals to keep a year's worth of logs available, I still don't see any reason to change the current default of four weeks.
Re-assign to Michael Sterrett since he's now a dev and can decide what needs to be done next, if anything, to finish this out.
Regarding the european law: This law affects only facilities which offer public telecommunication services, like internet providers, mailbox carriers, etc. The private sector is not affected at all. SuSE, Red Hat, Mandrake, etc. all don't configure logrotate to archive a full year of logs. They all have a default of four weeks, which is usually more than enough. Also Gentoo is not the distribution you find usually in the high-end server area but more typically in a geek's room -- why bother to have a default configuarion which suits internet providers, do you think they deploy a default Gentoo installation? Anyway I think the current default (4 weeks) is more then enough.
Thanks for the clear summary on the European law situation Andreas. I'm going to close this bug because: 1. I think it duplicates, at least in sprit, parts of bug#7144. 2. We've talked around the weeks on-line thing enough. 3. Everyone is free to modify their local logrotate setup to suit their needs. I've added a new revision of the logrotate ebuild to portage which installs a default logrotate.conf. Please make any other concerns about the default logrotate.conf known in a new bug. Thanks.
