Inotify and a huge logfile [not in log-rotation]

Hi All,

A few weeks ago we had some servers responding really slowly, really weird behaviour I had never seen before. As I had been using the same sort of configuration as on the previous cPanel servers [Maldet and Inotify], I was not sure what was causing it. With help from John @d2d4j and Interworx we found that the inotify log file had become huge on 2 servers; they were 14GB and 16GB respectively. Once the log file was deleted all was back at full speed. It seems that the Maldet and inotify logs were not in the log rotation process, so this is what I did to get the inotify log file rotating.

I added a file in /etc/logrotate.d for maldet/inotify to rotate the 3 log files:

nano /etc/logrotate.d/maldet

# maldet event and clamscan logs: rotate weekly, or sooner once 100M is reached
/usr/local/maldetect/logs/event_log
/usr/local/maldetect/logs/clamscan_log {
    weekly
    rotate 4
    # maxsize rotates when the file exceeds 100M *or* the weekly interval is due.
    # "size 100M" would instead override "weekly" (the two are mutually exclusive
    # and the last one listed wins), so the weekly rotation would never happen.
    maxsize 100M
    missingok
    notifempty
    compress
    delaycompress
    create 0644 root root
}

# inotify log: same policy, but maldet must be restarted afterwards because the
# inotify monitor otherwise keeps writing to the old (renamed) file
/usr/local/maldetect/logs/inotify_log {
    weekly
    rotate 4
    maxsize 100M
    missingok
    notifempty
    compress
    delaycompress
    create 0640 root root
    postrotate
        /bin/systemctl condrestart maldet.service > /dev/null 2>&1 || true
    endscript
}

Save it, and with the commands below you can check that everything works.

Test: debug and run logrotate.

logrotate -d -f /etc/logrotate.d/maldet

-d runs in debug mode; check whether you see anything that's not right!

logrotate -f /etc/logrotate.d/maldet

-f forces a run; check the /usr/local/maldetect/logs folder to find the rotated files and see whether the inotify_log is growing again.

This little config checks those 3 log files and rotates them weekly, keeps 4 versions of each log file in case you want to check something later, and restarts maldet to make sure logging starts again after the log rotation.

Sadly we have been hit by several storms and I had not had much time to write it up, but I hope it will help someone in time.

Nico
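The problem in the post was only noticed once the servers slowed down. As an added example (not part of Nico's post and not a maldet or logrotate tool), the POSIX shell script below does the two checks a practitioner would want to run from cron before that happens: list log files in a directory that have grown past a size threshold, and list log files whose path does not appear in any file under a logrotate config directory. The sample tree it builds (a small event_log and clamscan_log, a 200 KB inotify_log, and a logrotate stanza that covers only the first two) is constructed here for the demo; the directory names, the 100 KB threshold and the `--demo` flag are assumptions for this example. The "not in any config" test is a literal substring match, so a stanza that covers a log via a glob such as `/usr/local/maldetect/logs/*` would be reported as unrotated; treat it as a heuristic.

```shell
#!/bin/sh
# Added example: spot oversized logs and logs with no logrotate stanza.

# oversized_logs DIR THRESHOLD_BYTES
# Prints "<bytes> <path>" for each regular file directly under DIR that is
# larger than THRESHOLD_BYTES. Returns 1 if any was found, 0 otherwise
# (non-zero means "problem", so it can be used directly as a cron/monitoring check).
oversized_logs() {
    dir=$1; limit=$2; found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        size=$(wc -c < "$f" | tr -d ' ')
        if [ "$size" -gt "$limit" ]; then
            printf '%s %s\n' "$size" "$f"
            found=1
        fi
    done
    return $found
}

# unrotated_logs DIR CONFDIR
# Prints each regular file directly under DIR whose full path does not occur
# literally in any file under CONFDIR (e.g. /etc/logrotate.d). Already rotated
# copies (*.1, *.gz, ...) are skipped. Returns 1 if any was found, 0 otherwise.
# Heuristic: stanzas that match the log via a glob are not recognised.
unrotated_logs() {
    dir=$1; confdir=$2; found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.[0-9]|*.[0-9][0-9]|*.gz) continue ;;
        esac
        if ! grep -qF -- "$f" "$confdir"/* 2>/dev/null; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return $found
}

# make_sample_tree
# Builds a constructed sample layout in a temporary directory and prints its
# path: two tiny logs, one 200 KB inotify_log, and a logrotate config that
# only covers event_log and clamscan_log (assumed layout for this example).
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/logs" "$root/logrotate.d"
    printf 'maldet started\n' > "$root/logs/event_log"
    printf 'scan clean\n' > "$root/logs/clamscan_log"
    dd if=/dev/zero of="$root/logs/inotify_log" bs=1024 count=200 2>/dev/null
    cat > "$root/logrotate.d/maldet" <<EOF
$root/logs/event_log
$root/logs/clamscan_log {
    weekly
    rotate 4
    maxsize 100M
    missingok
    notifempty
    compress
    delaycompress
    create 0644 root root
}
EOF
    printf '%s\n' "$root"
}

# run_demo: build the sample tree and report both checks. The functions are
# called as "if" conditions so their non-zero "problem found" status does not
# abort a script running under set -e.
run_demo() {
    root=$(make_sample_tree)
    echo "== files over 100 KB under $root/logs"
    if oversized_logs "$root/logs" 102400; then echo "(none)"; fi
    echo "== logs with no logrotate stanza in $root/logrotate.d"
    if unrotated_logs "$root/logs" "$root/logrotate.d"; then echo "(none)"; fi
    rm -rf "$root"
}

if [ "${1:-}" = "--demo" ]; then
    run_demo
fi
```

Run it with `sh check_logs.sh --demo` to see the sample inotify_log reported by both checks; on a real server call `oversized_logs /usr/local/maldetect/logs 104857600` and `unrotated_logs /usr/local/maldetect/logs /etc/logrotate.d` from a cron job and alert on a non-zero exit status.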