Disable all Logging in Ubuntu Server
on newer versions of ubuntu, (at least from 14.04 onwards - and probably earlier releases too) the core system logging is managed through the rsyslog
daemon. i.e. logging for
- kernel
- iptables firewall (which is a component of the kernel)
- SSH
For a full list see /etc/rsyslog.d/50-default
or ls -al
the /var/log
folder, the logfiles owned by syslog
are services whose logging is managed through rsyslog
.
Therefore for these core systems you can prevent logging by either
stopping the rsyslog daemon
for pre 15.10 releases
sudo service rsyslog stop
for 15.10 and later the above will probably still work, but you could also do
sudo systemctl stop rsyslog.service
This will only stop rsyslog for the current session, to make sure rsyslog doesnt start on reboot, use:
sudo systemctl disable rsyslog.service
or you can...
Turn off logging via rsyslog's configuration
i.e comment out this line
$IncludeConfig /etc/rsyslog.d/*.conf
in /etc/rsyslog.conf
For more info see man 5 rsyslog.conf
.
All the other logs are usually generated by the various programs directly and you would possibly need to reconfigure each daemon one by one to stop their logging.
logrotate
logrotate is a utility that runs - I believe - once a day via cron job, that rotates out (creates a new base log file for each service and increments the log file numbers of existing log file that are too long lived or too large and performs compression and deletion on log files, its not really a place I would look at to stop logging.
Related videos on Youtube
strapt
Updated on September 18, 2022Comments
-
strapt over 1 year
I have recently signed up with digitalocean, created a server for a SSH tunnel for browsing security. But this is only as good as logs kept and would like to disable them all.
I am looking to find out how to disable all possible logs. I know its not a good idea, from what I have read on the internet. If something goes wrong later I will just create a new server... not a big deal.I have been searching and searching for days online and have found very little. So I broke down and decided to ask here.
I am running Ubuntu server 16.04. I have deleted the actual .log files in /var/log.. They dont seem to be coming back.
However when I look at the logrotate it does have current dates on there.
I am not sure what command or commands I need to run to disable any and all logging for a security/ privacy server.
If there is anything that you need please let me know and I will do what I can.
Thank you again for any help that you can provide.
-
the_velour_fog over 7 yearsWhy do you want to delete all your log files? what scenario do you envisage where having logs would compromise (and not improve) the security of your server?
-
George Udosen over 7 yearsTry here and see if the logrotate configuration helps.
-
strapt over 7 yearswell mainly the logs where anyone could pull identifying information about me is what I am looking for.
-
strapt over 7 yearsLogs that would be non identifying but helpful I could keep I suppose.
-
Rinzwind over 7 years"identifying information about me" and what log would that be? By the way: if they can READ those logs you are screwed anyways.
/var/log/
requiressudo
. Paranoia is fine but you are stretching it... Those logs are there to warn and help you identifying problems. Not to help others. Leave those logs as they are. Ubuntu in itself IS secure.
-