How to deal with log storage/rotation

[aseques]

Keeping proper logs is really important when looking for issues on your server. Usually is the only way you can find attacks or broken stuff. Also it's mandatory by law to keep this information for at least six months in Europe.

Here I'll summarize the issues and the best practices about log keeping (in my opinion) and open bugs about what can be improved.
Feel free to report any issues you find or corrections about this.

The most important logfiles are:
.- The logs used for http accounting are the ones /var/log/apache2/*.log (cannot use dateext)
.- The logs used for ftp accounting are the ones in /var/log/proftpd/ftp_traff.log (cannot use dateext)
.- The per user logs from apache are on /var/log/apache2/users/*
.- The mail logs are on /var/log/mail.*

More information about the logs: here

Known issues

Create a script to handle the old log archive
There is a big amount of logs in a used server. There should be a crontab that could handle the catalogation of those logs. There's a ready to use patch in ticket 2577
Ticket 2577


Updates
improvements in logrotate
The logs that are interesting to be keeped should change the name scheme into something more clear (specifying date). Rotation should be done daily to help in high traffic sites. The logs should be keeped for longer time.
Ticket 2570
Fixed on r3838