My server has been hacked, exploiting a flaw in Horde (http://www.horde.org/). My ISP blocked my cable modem. I can't prove anything because I only have the last month of logs; it is fair enough to have the last year of logs, changing logrotate.conf to: diff /tmp/logrotate.conf /etc/logrotate.conf 6c6 < rotate 4 --- > rotate 52
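Review bot: at line 6, `rotate 52` sets a count of kept rotations rather than a time span, so the one-year retention described only holds if the rotation interval configured elsewhere in the file is weekly, and the diff does not show that directive. State the interval alongside this change, and consider the `compress` directive, since 52 kept rotations instead of 4 means 13 times as many old log files on disk.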
I think this amount of logs could occupy enough disk space and this option is not suitable for most admins.
I don't agree. If the exploiter knows, which looks like my case, they just wait one month and all logs of the attack are gone. At least put 2 or 3 months.
I agree with Peter. By default, only very few people want to have what you're expecting as the new default. Please remember that /etc/logrotate.conf is marked as a configuration file and won't be replaced during an update when you have modified it. So /etc/logrotate.conf is a configuration file and provides, IMHO, good defaults. If you don't agree, just change the file to your needs.