You are not logged in.

Pages: 1

#1 2008-11-08 23:00:43

Boris Bolgradov
Member
From: Yambol, Bulgaria
Registered: 2008-07-27
Posts: 178
Website

auth.log self-erases for some reason...

At some time, for some reason, /var/log/auth.log self-erases or saves itself as auth.log.1. I want to know why this is happening? I can't find a similarity between the files, except the last lines, but I think they should always be "session closed for user root" if I'm using sudo...

First lines:

[~ ]$ head -n1 /var/log/auth.log
Nov  9 00:21:30 arch sudo:    boris : TTY=pts/2 ; PWD=/home/boris ; USER=root ; COMMAND=/bin/mv gen_fonts.sh /usr/share/mplayer/
[~ ]$ head -n1 /var/log/auth.log.1
Nov  3 00:35:17 arch sudo:    boris : TTY=pts/2 ; PWD=/media/windows/My Documents/wallpapers ; USER=root ; COMMAND=/etc/rc.d/sshd stop
[~ ]$ head -n1 /var/log/auth.log.2
Oct 26 01:49:08 arch sshd[2402]: Received signal 15; terminating.
[~ ]$ head -n1 /var/log/auth.log.3
Oct 25 00:04:08 arch sudo:    boris : TTY=pts/1 ; PWD=/home/boris ; USER=root ; COMMAND=/usr/bin/pkill awk
[~ ]$ head -n1 /var/log/auth.log.4
Oct 13 01:56:31 arch sudo:    boris : TTY=pts/1 ; PWD=/home/boris ; USER=root ; COMMAND=/usr/bin/pacman -Syu
[~ ]$

Last lines:

[~ ]$ tail -n1 /var/log/auth.log
Nov  9 00:26:42 arch sudo: pam_unix(sudo:session): session closed for user root
[~ ]$ tail -n1 /var/log/auth.log.1
Nov  8 23:24:01 arch sudo: pam_unix(sudo:session): session closed for user root
[~ ]$ tail -n1 /var/log/auth.log.2
Nov  2 22:35:53 arch sudo: pam_unix(sudo:session): session closed for user root
[~ ]$ tail -n1 /var/log/auth.log.3
Oct 25 23:05:35 arch sshd[20801]: Did not receive identification string from 202.99.122.132
[~ ]$ tail -n1 /var/log/auth.log.4
Oct 24 23:03:33 arch sudo: pam_unix(sudo:session): session closed for user root
[~ ]$

Count of the lines, words and characters:

[~ ]$ wc /var/log/auth.log
  6  79 599 /var/log/auth.log
[~ ]$ wc /var/log/auth.log.1
  2239  27216 195123 /var/log/auth.log.1
[~ ]$ wc /var/log/auth.log.2
  8553 109842 843621 /var/log/auth.log.2
[~ ]$ wc /var/log/auth.log.3
  231  3123 23847 /var/log/auth.log.3
[~ ]$ wc /var/log/auth.log.4
  1016  13345 105546 /var/log/auth.log.4
[~ ]$

Anyone have a clue why this is happening?

Offline

#2 2008-11-08 23:21:22

creslin
Member
Registered: 2008-10-04
Posts: 241

Re: auth.log self-erases for some reason...

Boris Bolgradov wrote:

At some time, for some reason, /var/log/auth.log self-erases or saves itself as auth.log.1. I want to know why this is happening? I can't find a similarity between the files, except the last lines, but I think they should always be "session closed for user root" if I'm using sudo...
...
Anyone have a clue why this is happening?

This is being done by logrotate.  By default it cycles/stores 4 weeks of logs.  You can check `man logrotate` and /etc/logrotate.conf if you'd like to alter the behavior.

ARCH|awesome3.0 powered by Pentium M 750 | 512MB DDR2-533 | Radeon X300 M
The journey is the reward.

Offline

#3 2008-11-09 08:18:15

Boris Bolgradov
Member
From: Yambol, Bulgaria
Registered: 2008-07-27
Posts: 178
Website

Re: auth.log self-erases for some reason...

creslin wrote:
Boris Bolgradov wrote:

At some time, for some reason, /var/log/auth.log self-erases or saves itself as auth.log.1. I want to know why this is happening? I can't find a similarity between the files, except the last lines, but I think they should always be "session closed for user root" if I'm using sudo...
...
Anyone have a clue why this is happening?

This is being done by logrotate.  By default it cycles/stores 4 weeks of logs.  You can check `man logrotate` and /etc/logrotate.conf if you'd like to alter the behavior.

thx

Offline

Pages: 1

Board footer

Powered by FluxBB