Issue with Log Retain Duration
Log Retain Duration is not working
If the Log Retain duration is not working you need to check the following:-
1. Check if you have set a cronjob for the root user to run daily or once a week so that log files stored on the server in the directory ( /var/log/ezlogin/ ) are truncated when older than the specified number of days.
To set a cronjob for root user to run daily or once a week so that log files stored on the server in the directory ( /var/log/ezlogin/ ) are truncated when it exceeds a particular size or when it older than the specified number of days. The path to the command that needs to be set in cron is,
The ssh log files recorded are stored in the directory /var/log/ezlogin/full , /var/log/ezlogin/input, /var/log/ezlogin/output, /var/log/ezlogin/rdp. The ’full’ directory store the entire ssh sessions. The ’input’ directory store the recording from the STDIN . The ’output’ directory stores the recording from the STDOUT and the ’rdp’ directory stores the rdp session recorded.
2. Increase the PHP limit
To increase the PHP limit, you need to increase the memory limit in the /etc/php.ini file ( Increase the memory limit up to 1Gb or more.)
root@jumpserver:~# vi /etc/php.ini
3. You can also delete ssh log from the GUI by selecting the ssh log session and by clicking on the trash icon.
Ensure the housekeeping script is set to run in cron ( 0 6 * * * php /usr/local/ezlogin/house_keeping.php ) so that the ssh sessions recorded which are stored in files are deleted from the backend server. You may also run the command manually to ensure that files are deleted from the backend almost instantly. You may wonder why the ssh log recorded stored in the directory /var/log/ezlogin is not deleted when the ssh recording is deleted from the gui, this is because the webserver user does not have the privileges to delete the ssh log recording in the ownership of the ssh gateway user.