Warning: Since a large /var/log/btmp could indicate that somebody is running brute-force attacks against your system, you should at least think about changing the SSH port or setting up tools like DenyHosts or Fail2Ban (see here for more information about preventing SSH brute-force attacks).
By default, logrotate does not seem to be configured for the /var/log/btmp file on a XenServer 5.6 system. Since every failed login is logged in this file, the file can become very large and your system could run out of free disk space.
To add this file to the logrotate config, add the following lines to /etc/logrotate.conf:
    /var/log/btmp {
        monthly
        minsize 1M
        create 0600 root utmp
        rotate 1
    }

After editing the config, it may be reasonable to run logrotate manually to clean up the log files with the following command:

    # logrotate -f /etc/logrotate.conf
If you are unsure about the result, you can add the “-d” switch for a “dry run” to see what logrotate would do:
    # logrotate -d -f /etc/logrotate.conf
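Before the file is rotated away, it is worth checking whether its size really comes from brute-force attempts, as the warning at the top suggests. The following Python script is an added example, not part of the original post: it summarizes the failed logins in a btmp file per source host and user. It assumes the 384-byte Linux/glibc utmp record layout, and the sample records (with documentation IP addresses) are constructed.

```python
import struct
import sys
from collections import Counter

# Assumed layout: Linux/glibc "struct utmp", 384 bytes per record.
# type, pid, line, id, user, host, exit(2 shorts), session, sec, usec, addr
UTMP = struct.Struct("<h2xi32s4s32s256shhiii16s20x")

def cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_btmp(data):
    """Yield (user, line, host, epoch_seconds) for each complete record."""
    usable = len(data) - len(data) % UTMP.size  # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield cstr(f[4]), cstr(f[2]), cstr(f[5]), f[9]

def summarize(data, top=5):
    """Count failed logins per source host and per user name."""
    hosts, users, times = Counter(), Counter(), []
    for user, _line, host, sec in parse_btmp(data):
        hosts[host or "(local)"] += 1
        users[user] += 1
        times.append(sec)
    return {
        "total": len(times),
        "hosts": hosts.most_common(top),
        "users": users.most_common(top),
        "span_seconds": max(times) - min(times) if times else 0,
    }

def make_record(user, host, sec, line="ssh:notty"):
    """Build one constructed btmp record (ut_type 6) for the sample below."""
    return UTMP.pack(6, 0, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, sec, 0, b"")

# Constructed sample: four failed logins plus a partially written record.
SAMPLE = b"".join([
    make_record("root", "203.0.113.7", 1000),
    make_record("root", "203.0.113.7", 1002),
    make_record("admin", "203.0.113.7", 1004),
    make_record("test", "198.51.100.9", 1060),
]) + b"\0" * 10

if __name__ == "__main__":
    # Pass a path such as /var/log/btmp (readable by root) to use real data.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(summarize(data))
```

Many attempts from a few hosts within a short time span point to brute forcing rather than ordinary mistyped passwords.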