我有debian gnu/linux 11(靶心),其中该/var/log/auth.log文件仅包含当前启动的日志,而不包含任何先前启动的日志,我需要它来存储先前启动的日志以验证活动。
我该怎么做?
实际上,我比较了/etc/logrotate.d/syslog-ngdebian gnu/linux 11 (bullseye) 和 Debian GNU/Linux 10 (buster),因为 buster 操作系统有整整一周的日志,并且比较起来两者是相同的。
bullseye os中的代码/etc/logrotate.d/syslog-ng如下
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
postrotate
invoke-rc.d syslog-ng reload > /dev/null
endscript
}
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
/var/log/error
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
invoke-rc.d syslog-ng reload > /dev/null
endscript
}```
and the code of logrotate.conf of bullseye os is
:/etc$ sudo cat logrotate.conf
# see "man logrotate" for details
# global options do not affect preceding include directives
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
#dateext
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# system-specific logs may also be configured here.