A few weeks ago we had some servers responding really slowly, a really weird behaviour never seen before. As I have been using the same sort of configuration as on the previous cPanel servers [Maldet and Inotify], I was not sure what was causing it. With help from John @d2d4j and Interworx we found that the inotify log file had become huge on 2 servers; they were 14GB and 16GB. Once the log file was deleted, all was back at full speed. It seems that Maldet and inotify were not in the log rotation process, so this is what I did to have the inotify log file rotating.
I added a file for maldet/inotify in /etc/logrotate.d to rotate the 3 log files:
create 0644 root root
create 0640 root root
/bin/systemctl condrestart maldet.service > /dev/null 2>/dev/null || true
Save, and with the commands below you can check that everything works fine.
Test: debug and run logrotate.
logrotate -d -f /etc/logrotate.d/maldet
-d runs with debug; check whether you see something that is not right!
logrotate -f /etc/logrotate.d/maldet
-f forces a run; check the /usr/local/maldetect/logs folder to find the rotated files and see if the inotify_log is growing.
This little script checks those 3 log files and rotates them weekly, keeps 4 versions of each log file in case you want to check something later, and restarts maldet to make sure the logging starts again after the log rotation.
Sadly we have been hit by several storms and I did not have much time to put it up, but I hope it will help someone in time.
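The rotation described in the post above, written out as a complete /etc/logrotate.d/maldet file. This is an added example, not the poster's original file: it is rebuilt from the description (weekly, keep 4, restart maldet) and the three surviving lines. Only inotify_log is named in the post; the names event_log and clamscan_log, the pairing of each create mode with a stanza, and the missingok/notifempty options are assumptions.

```conf
# /etc/logrotate.d/maldet
# Added example, reconstructed from the post's description.
# Assumed: event_log and clamscan_log as the two other log files, and
# which "create" mode goes with which stanza.

/usr/local/maldetect/logs/event_log /usr/local/maldetect/logs/clamscan_log {
    # rotate once a week and keep four old copies of each file
    weekly
    rotate 4
    # assumed additions: do not fail on a missing file, skip empty files
    missingok
    notifempty
    # recreate the log with this mode and owner after rotation
    create 0644 root root
}

/usr/local/maldetect/logs/inotify_log {
    weekly
    rotate 4
    missingok
    notifempty
    # the inotify log lists monitored file paths, so keep it non-world-readable
    create 0640 root root
    # restart maldet only if it is already running, so the monitor
    # starts writing to the freshly created log file
    postrotate
        /bin/systemctl condrestart maldet.service > /dev/null 2>/dev/null || true
    endscript
}
```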