Is it possible to modify rotation settings for maillog on Plesk server?

  • Ehud Ziegelman

    Hi Leonid Gukhman,

    I have noticed lots of attacks on the server take place at 06:29 AM, a minute before the DAILY common log rotate takes place.

    This way, an admin might not even see the attack when scanning the logs with their own eyes.

    The only record would be, for example, in the Fail2Ban logs and alert emails from such a time.

    Please suggest a way to manually change the DAILY log-rotate time (hour) configuration, to be set manually at the server level.

    May I also ask where the LOG records of the server being accessed at 06:29 AM would disappear to, as searching for the IPs blocked by fail2ban brought NO results but the fail2ban log itself...

    grep -r "999.888.199.113 " /var/log/*
    /var/log/fail2ban.log:2023-05-15 10:13:26,417 fail2ban.filter         [2765544]: INFO    [httpd_forbidden] Found 999.888.199.113 - 2023-05-15 10:13:26
    /var/log/fail2ban.log:2023-05-16 06:29:17,726 fail2ban.filter         [2765544]: INFO    [httpd_forbidden] Found 999.888.199.113 - 2023-05-16 06:29:17
    grep: /var/log/journal/56725fa7bace4538bba1ee9f38ad68a2/system.journal: binary file matches
    grep: /var/log/journal/56725fa7bace4538bba1ee9f38ad68a2/system@5d3e8c5ae81f4feb84a137838eaebec4-00000000003e79ce-0005fbb234011ca5.journal: binary file matches
    grep: /var/log/journal/56725fa7bace4538bba1ee9f38ad68a2/system@5d3e8c5ae81f4feb84a137838eaebec4-00000000003f4c52-0005fbbd3c8edf0e.journal: binary file matches


    grep -r "999.888.199.113 " /var/www/vhosts/*

    NONE

     

    While on Fail2ban log:

    2023-05-16 06:29:17,726 fail2ban.filter [2765544]: INFO [jail_name] Found 999.888.199.113 - 2023-05-16 06:29:17
    2023-05-16 06:29:18,639 fail2ban.actions [2765544]: NOTICE [jail_name] Ban 999.888.199.113
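
The `grep -r` runs in the comment above do not decompress rotated `.gz` files, so lines that were rotated and compressed would not match. As an added example (not part of the original comment and not Plesk's own tooling), this function searches plain and gzip-compressed logs for one IP; it assumes rotated logs end in `.gz` (logrotate's `compress` option), and the function names and sample addresses are hypothetical and constructed.

```shell
#!/bin/sh
# Added example: find one IP in plain AND gzip-compressed (rotated) logs.
# Assumption: rotated logs end in .gz (logrotate "compress").
# Function names and sample data are hypothetical / constructed.

# search_ip_in_logs IP DIR...  -> prints "file:line" for each matching line
search_ip_in_logs() {
    ip=$1; shift
    # grep -F: fixed string, so the dots in the IP are not regex wildcards.
    # grep -w: whole token, so 203.0.113.7 does not match 203.0.113.77.
    # systemd journal files are binary and skipped; query them with journalctl.
    find "$@" -type f ! -name '*.journal' ! -name '*.journal~' -exec sh -c '
        ip=$1; shift
        for f in "$@"; do
            case $f in
                *.gz) gzip -dc -- "$f" | grep -Fw -- "$ip" |
                          while IFS= read -r l; do printf "%s:%s\n" "$f" "$l"; done ;;
                *)    grep -FwH -- "$ip" "$f" ;;
            esac
        done
    ' sh "$ip" {} + || true   # grep exits 1 on "no match"; not an error here
}

# demo: build constructed sample logs in a temp dir and search them.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '203.0.113.7 - - [16/May/2023:06:29:17] "GET /x" 403' \
        > "$d/access_log.processed"
    gzip "$d/access_log.processed"      # simulates a rotated, compressed log
    printf '%s\n' '203.0.113.77 - - [16/May/2023:06:31:02] "GET /" 200' \
        > "$d/access_log"
    search_ip_in_logs 203.0.113.7 "$d"  # only the .gz line is reported
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Pass the same directories that were searched in the comment, for example `search_ip_in_logs <ip> /var/log /var/www/vhosts`.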
