From: Garance A Drosehn
Date: Tue, 12 May 2009 13:14:27 -0400
To: Dmitry Morozovsky, freebsd-current@FreeBSD.org
Cc: gad@FreeBSD.org
Subject: Re: newsyslog(8) patch for both size and time checks

At 1:59 PM +0400 5/12/09, Dmitry Morozovsky wrote:
>Dear colleagues,
>
>for now, if log is configured to be rotated in time manner, its size is not
>checked, so /var/log may be DoSed by some service (in our case, it
>was mad DHCP client which fills up our /var/log with dhcpd log; our
>newsyslog.conf
>line was
>
>/var/log/dhcpd 640 5 5000 @T00 JC
>
>The following simple patch should fix the problem. Any objection to commit
>this?

It would fix your problem, but it changes the behavior as is
explicitly documented in 'man newsyslog.conf'. There is a
paragraph in the man page which makes it clear that if both
fields are specified, then the log file will only be rotated
if both conditions are true.

I agree that newsyslog needs some way to specify an "either/or"
combination of those fields. I believe I have some time to look
into changes to newsyslog right this week, so I'll see what is
needed to address this issue.

-- 
Garance Alistair Drosehn     =               drosehn@rpi.edu
Senior Systems Programmer               or   gad@FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA
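
The difference between the documented both-conditions rule and the either/or rule discussed in this thread, as an added example that is not part of the original messages or of newsyslog itself. It is a small Python model that assumes newsyslog runs once per hour and uses a constructed growth rate; `parse_entry`, `should_rotate` and `peak_size_kb` are hypothetical names, and only the `*` and `@Thh` forms of the time field are handled.

```python
# Added example: models the rotation decision only; it does not run newsyslog.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Entry:
    path: str
    size_kb: Optional[int]  # None when the size field is "*"
    at_hour: Optional[int]  # None when the time field is "*"


def parse_entry(line: str) -> Entry:
    """Parse 'logfile mode count size when [flags]' (no owner:group field)."""
    path, _mode, _count, size, when = line.split()[:5]
    if when != "*" and not (when.startswith("@T") and when[2:].isdigit()):
        raise ValueError("only '*' and '@Thh' are handled in this sketch")
    return Entry(path,
                 None if size == "*" else int(size),
                 None if when == "*" else int(when[2:]))


def should_rotate(e: Entry, cur_kb: int, hour: int, either_or: bool = False) -> bool:
    """Documented rule: every specified condition must hold (either_or=False)."""
    checks = []
    if e.size_kb is not None:
        checks.append(cur_kb >= e.size_kb)
    if e.at_hour is not None:
        checks.append(hour % 24 == e.at_hour)
    if not checks:
        return False
    return any(checks) if either_or else all(checks)


def peak_size_kb(e: Entry, growth_kb_per_hour: int, hours: int = 48,
                 either_or: bool = False) -> int:
    """Largest size the log reaches when checked once per hour (assumption)."""
    cur = peak = 0
    for hour in range(1, hours + 1):
        cur += growth_kb_per_hour
        peak = max(peak, cur)
        if should_rotate(e, cur, hour, either_or):
            cur = 0
    return peak


ENTRY = parse_entry("/var/log/dhcpd 640 5 5000 @T00 JC")  # line quoted in the thread
```

With a constructed growth rate of 2000 KB per hour, `peak_size_kb(ENTRY, 2000)` shows how far past the 5000 KB limit the file gets before midnight, and `either_or=True` shows the bound an "either/or" rule would give.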