t3chn0m4g3
commented
7 years ago What logs are you referring to? From your post I can see you are still running 16.03. Just to make sure please use the latest 16.10 version.
Closed kalfalasy5 closed 7 years ago
t3chn0m4g3
commented
7 years ago What logs are you referring to? From your post I can see you are still running 16.03. Just to make sure please use the latest 16.10 version.
kalfalasy5
commented
7 years ago Sorry i am using 16.10 my bad.
drwxrw---- 3 tpot tpot 4096 Jun 11 03:27 conpot/ drwxrw---- 6 tpot tpot 4096 Jun 11 03:27 cowrie/ drwxrw---- 7 tpot tpot 4096 Jun 11 03:28 dionaea/ drwxrw---- 3 tpot tpot 4096 Jun 11 03:27 elasticpot/ drwxrw---- 5 tpot tpot 4096 Aug 26 2016 elk/ -rwxrwxrwx 1 tpot tpot 90226 Jun 6 07:54 elkbase.tgz drwxrw---- 3 tpot tpot 4096 Jun 11 03:27 emobility/ drwxrwxrwx 6 tpot tpot 4096 Jun 6 07:54 ews/ drwxrw---- 5 tpot tpot 4096 Jun 11 03:28 glastopf/ drwxrw---- 5 tpot tpot 4096 Jun 11 03:27 honeytrap/ drwxrwxrwx 3 root root 4096 Jun 6 07:55 host/ -rwxrwxrwx 1 tpot tpot 97 Jun 6 07:54 images.conf drwxrwxrwx 2 tpot tpot 4096 Jun 6 07:54 imgcfg/ drwxrw---- 3 tpot tpot 4096 Jun 11 03:27 suricata/ drwxrwxrwx 2 tpot tpot 4096 Jun 6 07:54 systemd/
Basically anything that is dated "11 of Jun" got deleted
t3chn0m4g3
commented
7 years ago Login (then do a sudo su -) and locate the honeypot related startup scripts in /etc/systemd/system/. Use vi to open the file and find the line which calls for the clean.sh and change off to on. Afterwards just reboot. Now your logfiles are persisting.
kalfalasy5
commented
7 years ago Thank you for your quick reply, I just did what you said and hopefully I wont get the logs deleted next week.
htop)? 2.9G/3.8Ghtop)? 9.5%htop)? 86.6M/7.63Gsudo df -h)? 105GProblem : the log files where been deleted after 7 days automatically. is there a way to change the duration of file auto delete?