Page 323 - Asterisk™: The Future of Telephony

Managing Logs

               Asterisk activity generates events that will cause the creation of an entry in either the
               main system logs, or in Asterisk’s own logfiles. On a busy system (or a system that is
               experiencing a severe problem), these logfiles can grow very large, very quickly. If
               debugging is turned on, the processes involved in writing to these logfiles can begin to
               have an effect on system performance. By default, Asterisk will simply add to the files
               until the hard drive is full. Fortunately, Linux provides utilities to handle the rotation
               of logfiles (so that no single file becomes too large), and also the deletion of older logfiles
               (which will prevent the system from getting clogged with logfiles).

               The logrotate utility is normally run once per day by the operating system. Unfortunately,
               since there is no script installed to instruct logrotate on how to handle Asterisk,
               its logfiles will grow unchecked until a rotate script is added to handle them. In order
               to make that happen, we need to set up parameters for Asterisk in a file in the
               /etc/logrotate.d directory. This file will need to rotate the current logfile, and then send
               Asterisk instructions to rotate its own logger (causing it to stop using the now old logfile,
               and generate a new file).

               Create a new file /etc/logrotate.d/asterisk and place the following lines in it:
                   /var/log/asterisk/* /var/log/asterisk/cdr-csv {
                   missingok
                   sharedscripts
                   monthly
                   rotate 12
                   postrotate
                       asterisk -rx "logger rotate" > /dev/null 2> /dev/null
                   endscript
                   }
               This file tells the logrotate utility to rotate the Asterisk logs every month, save 12 months’
               worth of logs, and then tell Asterisk that the logfiles have been rotated (which will cause
               Asterisk to create new logfiles and begin writing to them). We selected these values
               arbitrarily. Feel free to adjust them to suit your needs.


               Running Asterisk As a Non-root User

               By default, Asterisk runs as the root user, and while we don’t have any hard data, our
               own experiences lead us to conclude that the vast majority of Asterisk systems are run
               in this default state. From a security perspective, this represents an unacceptable
               risk―strangely, one which most of us seem willing to take.

               Running Asterisk as non-root is not terribly hard to achieve, but it requires a few extra
               steps, and debugging it can be frustrating if you do not understand how Linux
               permissions work. However, from a security perspective it is well worth the effort.
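
The two default conditions described on this page (no logrotate stanza for Asterisk, and the daemon running as root) can be checked with a short audit script. This is an added example, not code from the book: the function names, the `--live` switch and the 100 MiB threshold are assumptions, while the paths and the `logger rotate` command are the ones used above.

```sh
#!/bin/sh
# Added audit example, not from the book. Directories are arguments so the
# checks can run against a test tree; defaults are the paths used on this page.

# Report whether logrotate handles the Asterisk logs: "missing" (no stanza
# names the log directory), "no-reopen" (stanza lacks the "logger rotate"
# step that makes Asterisk switch to a new file), or "ok".
rotation_status() {
    conf_dir=${1:-/etc/logrotate.d}; log_dir=${2:-/var/log/asterisk}
    status=missing
    for f in "$conf_dir"/*; do
        [ -f "$f" ] || continue
        body=$(sed 's/#.*//' "$f")            # ignore commented-out text
        case $body in *"$log_dir"*) ;; *) continue ;; esac
        status=no-reopen
        case $body in *'logger rotate'*) status=ok; break ;; esac
    done
    echo "$status"
}

# List log files above a byte threshold (assumed default: 100 MiB), i.e. the
# files that keep growing when nothing rotates them.
oversized_logs() {
    find "${1:-/var/log/asterisk}" -type f -size +"${2:-104857600}"c 2>/dev/null
}

# Count root-owned instances of a daemon from "user command" lines on stdin.
root_instances() {
    awk -v name="${1:-asterisk}" '$1 == "root" && $2 == name { n++ } END { print n + 0 }'
}

# Run all three checks against the live system.
audit() {
    echo "logrotate coverage:        $(rotation_status)"
    echo "logs over 100 MiB:         $(oversized_logs | wc -l)"
    echo "asterisk running as root:  $(ps -A -o user= -o comm= | root_instances)"
}

if [ "${1:-}" = "--live" ]; then audit; fi
```

Run it with `--live` on the Asterisk host; a result other than `ok`, or a non-zero root count, points at the defaults this page warns about.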




