Clearing /var/log

[lucid]

For security's sake, I was looking into removing some logs at shutdown. Namely I was looking at the logs in /var/log.

Does anyone have any input on this? I want to make sure this won't damage anything if I erase all logs every shutdown.

[ande]

Pretty sure you will be fine, just make sure files that are supposed to be there, empty or not, are there and that their permissions/owners are correct.

[lucid]

I kinda thought so. Thanks for confirming 

[wookie]

An alternative would be truncating them all?


Try something like...

Code: [Select]

cd /var/log
echo > $(ls -l /var/log | grep -v ".gz" | grep "log" | cut -d ':' -f 2 | cut -d ' ' -f 2)


That should truncate the files in /var/log that aren't gzip compressed and have the term "log" in the filename.  You may want to do some extra validation to make sure it's a file or a folder.


You could also look at doing some form of log rotation on a daily basis and either compress your log files or move them off disk?

[lucid]

An alternative would be truncating them all?


Try something like...

Code: [Select]

cd /var/log
echo > $(ls -l /var/log | grep -v ".gz" | grep "log" | cut -d ':' -f 2 | cut -d ' ' -f 2)


That should truncate the files in /var/log that aren't gzip compressed and have the term "log" in the filename.  You may want to do some extra validation to make sure it's a file or a folder.


You could also look at doing some form of log rotation on a daily basis and either compress your log files or move them off disk?

That didn't work.

Code: [Select]

bash: $(ls -l /var/log | grep -v ".gz" | grep "log" | cut -d ':' -f 2 | cut -d ' ' -f 2): ambiguous redirect


[wookie]

That didn't work.

Code: [Select]

bash: $(ls -l /var/log | grep -v ".gz" | grep "log" | cut -d ':' -f 2 | cut -d ' ' -f 2): ambiguous redirect


Sorry, should've tested it.


Try this in a bash script:

Code: [Select]


for file in $(ls -l /var/log | grep -v ".gz" | grep "log" | cut -d ':' -f 2 | cut -d ' ' -f 2)
do
        echo > $file
done


[wookie]

Code: [Select]


for file in $(ls -l /var/log | grep -v ".gz" | grep "log" | cut -d ':' -f 2 | cut -d ' ' -f 2)
do
        echo > $file
done


You could wrap the echo > $file in something like this;

Code: [Select]


if [ -f $file ]
then
echo > $file
fi
[size=78%]


Which should validate that it isn't a system file or directory judging by http://tldp.org/LDP/abs/html/fto.html[/size]

[lucid]

Well I found a pretty simple solution given that no log files in /var/log are not to be truncated. Simply:

cat /dev/null > whatever.log

Now to do it to the whole directory recursively...

EDIT: Wow, I have the perfect solution that I've tested and have no problems with.

Code: [Select]

find /var/log -type f exec sh -c '> "{}"' \;

Works like a charm.

[wookie]

Well I found a pretty simple solution given that no log files in /var/log are not to be truncated. Simply:

cat /dev/null > whatever.log

Now to do it to the whole directory recursively...

Don't really understand what that does that what I've posted doesn't do?  I assumed you wanted to remove all logs, not just a specific log.


Regardless, both methods will truncate files.


Bash isn't really my strong point, but you could use PHP?


You could use opendir and readdir methods but you could also do something like this, which would allow you to recurse quite easily and parse it into a nice array for you to do some truncating with:

Code: [Select]


<?php


$_dir = "/var/log";
$cmd = "ls -lR $_dir";
$files=$out1=$out2=null;
exec($cmd, $out1, $out2);
foreach($out1 as $k=>$line){
        if(substr($line, 0, 8) == '/var/log'){
                $total = $out1[$k + 1];
                $total = explode(" ", trim($total));
                if($total[1] < 1) continue;
                $dir = substr($line, 8);
                $dir = substr($dir, 0, -1);
        }
        if(substr($line, 0, 8) != '/var/log' && substr($line, 0, 5) != 'total'){
                $file = explode(":", $line);
                $file = explode(" ", $file[1]);
                $file = $file[1];
                $files[$dir][]="$_dir$dir$file";
        }
}


print_r($files);


?>


[lucid]

I guess the two bash scripts do the same thing, one is just simpler. I like the PHP idea.

[proxx]

Just wanted to state that actually deleting certain log files can cause problems.
And for security sake you could better overwrite them with garbage than deleting them.
Thats is if your paranoid.

[lucid]

I'm not deleting any of them. I suppose I could look into overwriting them. Perhaps something like that could be done with the shred command, without actually deleting the files that is.