How to rotate these insane Samba logs properly? (couldnt post in samba)
Apologies - I tried to post this in the Samba forum, but when ever I clicked on its link it would show me not logged in...strange or no posting allowed in there? :)
In any case, here is my question please:
I'm using Debian 5.0.4 Lenny with shell access only.
I've recently set up logwatch. I received an e-mail from 'Cron Daemon' stating:
subject: Cron <root@********> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
Can't exec "/bin/sh": Argument list too long at /usr/sbin/logwatch line 853.
system 'cat /var/log/samba/log.0.0.0.0 /var/log/samba/log.7100s-eab3b1090 /var/log/samba/log
So I took a look into /var/log/samba/ and it contains 5782 files!
[b]-[/b] 5194 are 0 bytes named with an IP at the end, for example: log.__ffff_123.456.789
[b]-[/b] 248 are log.__ffff_* containing the same error over and over again
[quote][2009/07/01 00:47:50, 0] lib/util_sock.c:get_peer_addr_internal(1676)
getpeername failed. Error was Transport endpoint is not connected
read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by peer.[/quote]
I read up on this error and it seems to have been related only to XP users connecting to the site (client's program by default trying a different port first). I read to add smb ports=139 to samba conf to fix this. I haven't done this since there hasn't been any new error files created (I'm presuming this has been fixed in some upgrade I did, no idea).
[b]- [/b]78 are various logs, all 0 bytes, each having unique, mostly strange names such as
[b]- [/b]The balance of logs again are various unique names.
Containing either the error above, or log.momerdadd for example:
[quote][2009/07/13 12:57:28, 1] smbd/service.c:make_connection(1288)
make_connection: refusing to connect with no session setup[/quote]
[b]- [/b]The largest files are 1MB.
[b]- [/b]The only compressed files are 7: log.nmbd.1.gz - 7.
[b]- [/b]The latest date on any of these files in July 19 2009.
[b]- [/b]There has not been any new files created in this directory since then.
(There is also a sub directory /cores/smbd & /cores/nmbd both empty)
[b]- [/b]So my questions are:
1. Should I be concerned with those strange names (log.Ð_Ð_Ð_Ð_-Ð_Ð_Ð_Ð_, log.shrek etc)?
2. How do I, or even should I, try to set those log.__ffff_* files to one log so it doesn't create a new one for every IP?
3. If I do logrotate with settings for example:
It is still going to leave those 1000's of 0 byte logs and if this were to happen again, endless amounts I imagine.
I imagine I could create a cron job to rm /var/log/samba/*log*
I don't know if this would be optimal tho and miss some important notifications.
4. Any idea why there hasn't been any new log files created since July 2009 - could it be because there are already over stuffed in there?
Or I'm just fortunate that there are no errors to log? :)
Or it could be because, if I recall correctly, I moved SSH port off of 22, and closed webmin around that time.
So I'm thinking is OK to just delete all. :D
Thank you for taking the time to read this.