Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 19 Mar 2012 09:28:39 -0600
From:      Ian Lepore <freebsd@damnhippie.dyndns.org>
To:        Gleb Smirnoff <glebius@freebsd.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r233167 - head/etc
Message-ID:  <1332170919.8403.35.camel@revolution.hippie.lan>
In-Reply-To: <201203190930.q2J9UeO5060866@svn.freebsd.org>
References:  <201203190930.q2J9UeO5060866@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, 2012-03-19 at 09:30 +0000, Gleb Smirnoff wrote:
> Author: glebius
> Date: Mon Mar 19 09:30:40 2012
> New Revision: 233167
> URL: http://svn.freebsd.org/changeset/base/233167
> 
> Log:
>   Rotate auth.log and messages at the beginning of a year. Otherwise,
>   daily security checks 800.loginfail and 900.tcpwrap may produce
>   false positive alerts.
> 
> Modified:
>   head/etc/newsyslog.conf
> 
> Modified: head/etc/newsyslog.conf
> ==============================================================================
> --- head/etc/newsyslog.conf	Mon Mar 19 08:10:23 2012	(r233166)
> +++ head/etc/newsyslog.conf	Mon Mar 19 09:30:40 2012	(r233167)
> @@ -19,7 +19,7 @@
>  # logfilename          [owner:group]    mode count size when  flags [/pid_file] [sig_num]
>  /var/log/all.log			600  7	   *	@T00  J
>  /var/log/amd.log			644  7	   100	*     J
> -/var/log/auth.log			600  7     100  *     JC
> +/var/log/auth.log			600  7     100  @0101T JC
>  /var/log/console.log			600  5	   100	*     J
>  /var/log/cron				600  3	   100	*     JC
>  /var/log/daily.log			640  7	   *	@T00  JN
> @@ -28,7 +28,7 @@
>  /var/log/kerberos.log			600  7	   100	*     J
>  /var/log/lpd-errs			644  7	   100	*     JC
>  /var/log/maillog			640  7	   *	@T00  JC
> -/var/log/messages			644  5	   100	*     JC
> +/var/log/messages			644  5	   100	@0101T JC
>  /var/log/monthly.log			640  12	   *	$M1D0 JN
>  /var/log/pflog				600  3	   100	*     JB    /var/run/pflogd.pid
>  /var/log/ppp.log	root:network	640  3	   100	*     JC


This change may not behave exactly as you expect unless the patch in PR
kern/160432 or something equivelent is commited.  (It should have been
bin/ not kern/, my bad.)

 http://www.freebsd.org/cgi/query-pr.cgi?pr=160432

To summarize, if both 'size' and 'when' are specified, the size is
ignored and only the time is used.  The patch in that PR fixes it.
We've been running our embedded products with the patch for years
because rotating based on size is important when /var/log is a ramdisk.

-- Ian

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1332170919.8403.35.camel>