Disable all Logging in Ubuntu Server

16.04 server ssh security logging

27,653

on newer versions of ubuntu, (at least from 14.04 onwards - and probably earlier releases too) the core system logging is managed through the rsyslog daemon. i.e. logging for

kernel
iptables firewall (which is a component of the kernel)
SSH
mail

For a full list see /etc/rsyslog.d/50-default or ls -al the /var/log folder, the logfiles owned by syslog are services whose logging is managed through rsyslog.
Therefore for these core systems you can prevent logging by either

stopping the rsyslog daemon

for pre 15.10 releases

sudo service rsyslog stop

for 15.10 and later the above will probably still work, but you could also do

sudo systemctl stop rsyslog.service

This will only stop rsyslog for the current session, to make sure rsyslog doesnt start on reboot, use:

sudo systemctl disable rsyslog.service

or you can...

Turn off logging via rsyslog's configuration

i.e comment out this line

$IncludeConfig /etc/rsyslog.d/*.conf

in /etc/rsyslog.conf

For more info see man 5 rsyslog.conf.

All the other logs are usually generated by the various programs directly and you would possibly need to reconfigure each daemon one by one to stop their logging.

logrotate

logrotate is a utility that runs - I believe - once a day via cron job, that rotates out (creates a new base log file for each service and increments the log file numbers of existing log file that are too long lived or too large and performs compression and deletion on log files, its not really a place I would look at to stop logging.

27,653

strapt

Updated on September 18, 2022

Comments

strapt over 1 year

I have recently signed up with digitalocean, created a server for a SSH tunnel for browsing security. But this is only as good as logs kept and would like to disable them all.

I am looking to find out how to disable all possible logs. I know its not a good idea, from what I have read on the internet. If something goes wrong later I will just create a new server... not a big deal.I have been searching and searching for days online and have found very little. So I broke down and decided to ask here.

I am running Ubuntu server 16.04. I have deleted the actual .log files in /var/log.. They dont seem to be coming back.

However when I look at the logrotate it does have current dates on there.

I am not sure what command or commands I need to run to disable any and all logging for a security/ privacy server.

If there is anything that you need please let me know and I will do what I can.

Thank you again for any help that you can provide.
- the_velour_fog over 7 years
  
  Why do you want to delete all your log files? what scenario do you envisage where having logs would compromise (and not improve) the security of your server?
- George Udosen over 7 years
  
  Try here and see if the logrotate configuration helps.
- strapt over 7 years
  
  well mainly the logs where anyone could pull identifying information about me is what I am looking for.
- strapt over 7 years
  
  Logs that would be non identifying but helpful I could keep I suppose.
- Rinzwind over 7 years
  
  "identifying information about me" and what log would that be? By the way: if they can READ those logs you are screwed anyways. /var/log/ requires sudo. Paranoia is fine but you are stretching it... Those logs are there to warn and help you identifying problems. Not to help others. Leave those logs as they are. Ubuntu in itself IS secure.