Date:      Thu, 16 Jan 2003 11:55:46 -0500
From:      Louis LeBlanc <leblanc+freebsd@keyslapper.org>
To:        FreeBSD Questions <freebsd-questions@FreeBSD.org>
Subject:   syslog.conf and newsyslog.conf questions
Message-ID:  <20030116165546.GB6646@keyslapper.org>

Hey all.  I have a silly little admin question.

Recently I got a message on my work machine's security check output
saying that there was a failed login attempt for my id, from an IP
that seemed a little familiar.  The date of the attempt was January
14.  Well, grepping thru /var/log/auth.log, I found the message, but
it seems it was actually last year.  The IP was familiar because it
is one I used to have when I had AT&T Broadband as my ISP at home.
There was a hole in the firewall at work at the time, but it shouldn't
have been there now.  Anyway, it caused quite a bit of confusion
before we realized that the security output was only grepping out the
previous day's entries without using the year - and why should it, they
aren't even part of the entries.

What I need to do obviously, is get my auth.log to roll from time to
time.  Preferably on a monthly basis.

The thing is, what, if anything, should I put in the PIDFILE and
SIGNAL fields to ensure the daemon resumes logging to a new auth.log
rather than continuing to log to the one that's been rolled and
possibly compressed?

Here's what I have so far for the entry:

/var/log/auth.log            640  12    *    $M1D0 Z

I'm guessing this is a syslog logfile judging from the
/etc/syslog.conf entry:

auth.info;authpriv.info                         /var/log/auth.log

So, should I provide the path to that pidfile?  I have other entries
in /etc/newsyslog.conf that correspond to log entries in
/etc/syslog.conf, but don't have any signal or pidfile info.  Is this
ok?  It does look like the logs get rolled properly without the need
for pidfile or signal info, but I want to be sure.

TIA

Lou
-- 
Louis LeBlanc               leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org                     ԿԬ

The following statement is not true.  The previous statement is true.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030116165546.GB6646>
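
Added example, not part of the original message: a Python sketch of why a daily check that matches only the "Mon DD" prefix reports a year-old failed login from an unrotated auth.log, next to a check that infers the missing year by walking back from the newest entry. The log lines, host name, addresses and the "Failed" match are constructed assumptions, and the inference assumes chronological order with no silent gap longer than a year.

```python
from datetime import date

NAMES = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# Constructed sample: traditional syslog lines carry no year, and this
# file was never rotated, so it spans January of one year to the next.
SAMPLE_LOG = """\
Jan 14 09:12:03 host sshd[411]: Failed password for lou from 192.0.2.10 port 1022
Mar  3 18:40:11 host sshd[502]: Accepted password for lou from 198.51.100.7 port 2201
Dec 30 07:01:55 host su: lou to root on /dev/ttyp0
Jan 13 22:15:40 host sshd[733]: Accepted password for lou from 198.51.100.7 port 4410
Jan 15 08:02:19 host sshd[790]: Failed password for root from 203.0.113.5 port 3391
""".splitlines()

def naive_check(lines, day):
    """Match on the 'Mon DD' prefix only, ignoring which year it was."""
    prefix = f"{NAMES[day.month - 1]} {day.day:2d} "
    return [l for l in lines if l.startswith(prefix) and "Failed" in l]

def with_years(lines, last_write):
    """Pair each line with (year, month, day), inferring the year.

    Walks from the newest line (assumed written in last_write.year, e.g.
    the file's mtime) to the oldest; when the month/day jumps forward
    while going back in time, a New Year boundary was crossed.
    """
    year, prev, out = last_write.year, None, []
    for line in reversed(lines):
        mon, day = line[:3], line[4:6].strip()
        if mon not in NAMES or not day.isdigit():
            continue  # not a syslog-formatted line
        key = (NAMES.index(mon) + 1, int(day))
        if prev is not None and key > prev:
            year -= 1
        prev = key
        out.append(((year, *key), line))
    return out[::-1]

def year_aware_check(lines, day, last_write):
    """Same report, but only for entries whose inferred date equals day."""
    want = (day.year, day.month, day.day)
    return [l for stamp, l in with_years(lines, last_write)
            if stamp == want and "Failed" in l]

if __name__ == "__main__":
    report_day, mtime = date(2003, 1, 14), date(2003, 1, 15)
    print("naive:     ", naive_check(SAMPLE_LOG, report_day))
    print("year-aware:", year_aware_check(SAMPLE_LOG, report_day, mtime))
```

Rotating the log at least once a year, as the newsyslog.conf entry in the message sets out to do, removes the ambiguity at the source; the inference above is only a fallback for files that already span a New Year.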