Logs and Rotating

November 18, 2017

This morning I was wondering if any bots have been trying to login to my WordPress backend. I was planning to check by looking through the logs, but to my surprise I wasn’t logging any requests anywhere — oops. I decided this morning to fix that, so I took some time to set up logging and learning a little bit more about the logrotate utility. Below are just some notes on the work I did so I can refer back to it if needed. Note, I’m using Apache as the web server software and Ubuntu 17.04 as the OS.

I was logging errors in a nice /var/www/[your website]/logs directory, but not the requests, so the first step was to get the logging going. You can set this up globally, but I decided to add the following lines to the specific virtualhost’s conf I was interested in. Seems like anything outside of an error log in Apache is just a CustomLog (good to know). After adding the following lines to your conf, restart Apache, reload a page on the site and you should get an access.log file with the IP, user-agent string, HTTP request method and route.

LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/www/[your website]/logs/access.log common

Reference: https://httpd.apache.org/docs/2.4/logs.html#accesslog

Not that this site gets a ton of traffic, but it only has 20gb of disk space so I need to be conscious of the logs file sizes. Logrotate came preinstalled as the administrative utility to compress, mail and delete old log type of files. There is a global configuration file located in /etc/logrotate, but there are also preinstalled sub-configurations available in /etc/logrotate.d. After looking through the preinstalled sub-configurations I ended up making a new one called /etc/logrotate.d/virtualhosts with the following contents.

/var/www/*/logs/*.log {
    rotate 24
    dateformat -%Y-%m-%d

You can then kick off the logrotating manually and/or install it on the root user’s cron.

Problem solved, lesson learned!