Date: Tue, 12 May 2009 13:14:27 -0400
From: Garance A Drosehn <gad@FreeBSD.org>
To: Dmitry Morozovsky <marck@rinet.ru>, freebsd-current@FreeBSD.org
Cc: gad@FreeBSD.org
Subject: Re: newsyslog(8) patch for both size and time checks
Message-ID: <p06240800c62f5d4bab62@[128.113.24.47]>
In-Reply-To: <alpine.BSF.2.00.0905121354450.1756@woozle.rinet.ru>
References: <alpine.BSF.2.00.0905121354450.1756@woozle.rinet.ru>

At 1:59 PM +0400 5/12/09, Dmitry Morozovsky wrote:
>Dear colleagues,
>
>for now, if log is configured to be rotated in time manner, its size is not
>checked, so /var/log may be DoSed by some service (in our case, it
>was mad DHCP client which fills up our /var/log with dhcpd log; our
>newsyslog.conf
>line was
>
>/var/log/dhcpd 640 5 5000 @T00 JC
>
>The following simple patch should fix the problem. Any objection to commit
>this?

It would fix your problem, but it changes the behavior as is
explicitly documented in 'man newsyslog.conf'. There is a paragraph
in the man page which makes it clear that if both fields are specified,
then the log file will only be rotated if both conditions are true.

I agree that newsyslog needs some way to specify an "either/or"
combination of those fields. I believe I have some time to look into
changes to newsyslog right this week, so I'll see what is needed to
address this issue.

-- 
Garance Alistair Drosehn            =   drosehn@rpi.edu
Senior Systems Programmer           or  gad@FreeBSD.org
Rensselaer Polytechnic Institute;   Troy, NY;  USA
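
An added example, not part of the original message and not newsyslog's own code: a small audit that lists newsyslog.conf entries where both a size and a time are set, so that under the documented "both conditions" behaviour the size limit alone will not trigger rotation. The sample file is constructed (only the dhcpd line comes from the thread), and the optional owner:group field handling is an assumption about the file layout.

```python
# Constructed sample input; only the /var/log/dhcpd line is from the thread.
SAMPLE_CONF = """\
# logfilename          [owner:group]  mode count size when  flags
/var/log/dhcpd                        640  5     5000 @T00  JC
/var/log/messages                     644  5     100  *     JC
/var/log/maillog                      640  7     *    @T00  JC
/var/log/app.log       root:wheel     600  3     2000 $W0D0 J
"""


def parse_entries(text):
    """Yield (path, size, when) for each log entry line in newsyslog.conf text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (simple form only)
        if not line or line.startswith("<"):  # skip blanks and directive lines
            continue
        fields = line.split()
        # Assumption: an optional owner:group field may follow the file name.
        if len(fields) > 1 and ":" in fields[1]:
            del fields[1]
        if len(fields) < 5:
            continue  # not a complete entry; ignore rather than guess
        path, _mode, _count, size, when = fields[:5]
        yield path, size, when


def size_gated_by_time(text):
    """Return entries where size and when are both set ('*' means unset).

    With the behaviour described in the message, these logs rotate only when
    both conditions hold, so a fast-growing log can exceed its size limit
    until the time condition is also met.
    """
    return [(path, size, when)
            for path, size, when in parse_entries(text)
            if size != "*" and when != "*"]


if __name__ == "__main__":
    for path, size, when in size_gated_by_time(SAMPLE_CONF):
        print(f"{path}: size limit {size} applies only when '{when}' also matches")
```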