It sounds like you need rsyslog. This allows for system logs (And other programs that use it) to be stored.
DietPi-Ramlog does not have rsyslog installed (to improve performance). So you’ll need to either install rsyslog manually, or, use the “Full” logging mode in dietpi-software.
I used your dietpi config to change the logging to rsyslog and logrotate. I noticed during the software install process heirloom-mailx was also installed. What is it’s purpose?
\
proftp config
In the proftp log file there are “wtmp /var/log/wtmp: No such file or directory” every few lines which increases the size of the file.
…
Dec 09 15:12:51 DietPi proftpd[2241] DietPi (192.168.1.105[192.168.1.105]): FTP session opened.
Dec 09 15:12:51 DietPi proftpd[2241] DietPi (192.168.1.105[192.168.1.105]): ROOT FTP login successful.
Dec 09 15:12:51 DietPi proftpd[2241] DietPi (192.168.1.105[192.168.1.105]): wtmp /var/log/wtmp: No such file or directory
Dec 09 15:12:51 DietPi proftpd[2241] DietPi (192.168.1.105[192.168.1.105]): USER root: Login successful.
Dec 09 15:13:31 DietPi proftpd[2242] DietPi (192.168.1.105[192.168.1.105]): FTP session opened.
Dec 09 15:13:31 DietPi proftpd[2242] DietPi (192.168.1.105[192.168.1.105]): ROOT FTP login successful.
Dec 09 15:13:31 DietPi proftpd[2242] DietPi (192.168.1.105[192.168.1.105]): wtmp /var/log/wtmp: No such file or directory
Dec 09 15:13:31 DietPi proftpd[2242] DietPi (192.168.1.105[192.168.1.105]): USER root: Login successful.
These can be stopped by making WtmpLog off in the config. I’ve also made a few other
changes to the proftp.conf file:
#Correct time - may be still off due to DST -gw change
TimesGMT off
to stop logging wtmp /var/log/wtmp: No such file or directory -gw change
WtmpLog off
#This will jail users in one directory -gw change #DefaultRoot /root
/logfile_storage
When I was using your log option 2 there is an extra directory created with logs in it /logfile_storage . This is on top of the ones in /root/logfile_storage.
Under /var/log there are many files now - as might be expected
-rwxrwxr-x 1 root root 0 Dec 9 14:54 alternatives.log
drwxrwxr-x 2 root root 4096 Dec 9 14:54 apt
-rwxrwxr-x 1 root root 4596 Dec 9 16:08 auth.log
-rwxrwxr-x 1 root root 1066 Dec 9 15:42 daemon.log
-rwxrwxr-x 1 root root 1489 Dec 9 14:54 debug
-rwxrwxr-x 1 root root 0 Dec 9 14:54 dietpi-apt-get_update
-rwxrwxr-x 1 root adm 17280 Dec 9 14:54 dmesg
-rwxrwxr-x 1 root root 0 Dec 9 14:54 dpkg.log
drwxrwxr-x 2 root root 4096 Dec 9 14:54 fsck
-rwxrwxr-x 1 root root 25656 Dec 9 15:25 kern.log
-rwxrwxr-x 1 root root 0 Dec 9 14:54 lpr.log
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.err
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.info
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.log
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.warn
-rwxrwxr-x 1 root root 23866 Dec 9 14:54 messages
drwxrwxr-x 2 root root 4096 Dec 9 14:54 news
-rwxrwxr-x 1 root root 672 Dec 9 15:55 ntpd.log
drwxrwxr-x 2 root root 4096 Dec 9 15:14 ntpstats
drwxrwxr-x 2 root root 4096 Dec 9 14:54 proftpd
drwxrwxr-x 2 root root 4096 Dec 9 14:54 samba
-rwxrwxr-x 1 root root 27183 Dec 9 15:42 syslog
-rwxrwxr-x 1 root root 0 Dec 9 14:54 user.log
syslog is the main one while messages, kern.log, dmesg are just large subsets of the syslog. messages, kern.log, dmesg are redundant and taking up space.
For v103: I’ve updated the installation code to use --no-install-recommends, this will leave the mail package out for new installations.
Added to v103 patch and new proftpd installations: WtmpLog off
Not sure about this one. I vaguely remember a user having timestamp issues with proftpd, not sure if this was related. I’ll look into it a bit more.
Yep, enabling this will jail the proftpd logins to /root. This is left on by default so that our users dont get “lost” when using proftpd as a file server.
Strange, lets try to find all folders with that name on your system.
Could you run the following for me please and reply with results:
find / -type d -name logfile_storage
Try running the following to list all logfiles with 0 filesize, delete, then reboot system. If they reappear, they are being generated by rsyslog:
I’m no longer using your option 2 for logs (1hr logs with store) but this is what on my system currently.
root@DietPi:~# find / -type d -name logfile_storage
/root/logfile_storage
/logfile_storage
It was not so much that there were files (eg. mail) that had zero size, but that there were essentially 3 large files that contained almost exactly the same information. The syslog file contains all the information in the other two, making the other 2 redundant and only consuming disk space. I’m sure a tweek to to the rsyslog config file can fix that.
After deleting the 0 size file and rebootng they reappeared.
Since a few days ago, I noticed that my ftp service (proftpd) wasn’t starting at boot time. While troubleshooting, I discovered it’s an issue related to logfile folder as per .conf (/var/log/proftpd/) not being created beforehand:
Jul 13 16:18:53 DietPi proftpd[1158]: 2016-07-13 16:18:53,104 DietPi proftpd[1165]: fatal: ControlsLog: unable to open '/var/log/proftpd/controls.log': No such file or directory on line 66 of '/etc/proftpd/proftpd.conf'
A simple “sudo mkdir /var/log/proftpd/” and “sudo service proftpd start” via ssh promptly solves the issue, but I wonder if anything changed lately that may be affecting this behaviour, or someone else suffering this issue as well?
I’am not entirely sure what would cause this to be removed. Have you by any chance, used dietpi-cleaner or any other script/program that clears the /var/log directory?