How to permanantly disable /var/log/secure?

centos logs

12,653

/var/log/secure is written to by syslogd (or rsyslogd, depending on the OS version) -- this is controlled by /etc/syslog.conf (or /etc/rsyslog.conf). As shipped, the log class "authpriv.*" is set to log to this file. If you don't wan't logging, your can comment out this selector from the .conf file.

Also, check the logrotate configuration (/etc/logrotate.conf, /etc/logrotated.d/) for the rotation script for syslog. This will typically re-create the file (although the file won't be growing if you comment it out of /etc/rsyslog.conf).

12,653

ZeroxZerox

Updated on September 18, 2022

Comments

ZeroxZerox almost 2 years

When I delete /var/log/secure this file will be recreated. How do I disable the recreation of this file?
- Timo over 10 years
  
  Do you know which program creates that file?
- Gilles 'SO- stop being evil' over 10 years
  
  Where do you want the information that normally gets logged in this file to end up?
ZeroxZerox over 10 years

/var/log/secure always gets renamed to something like secure-20140902, because of logrotation. This is default behavior! So it is a fact that "the creating program renames the old /var/log/secure"
ZeroxZerox over 10 years

Is this everything that needs to be done?
ZeroxZerox over 10 years

Should you simply delete the logrotate.conf and lograted.d?
Derek Pressnall over 10 years

You do not want to delete logrotate configuration files -- there are several ones in there, if you delete them then your log files will continue to grow. First, I should have probably asked you, why you don't want /var/log/secure? Is it because it is getting too large before it gets rotated out? If so, you can adjust the rotate scripts so that it rotates sooner, and compresses when it rotates.