Date: Mon, 4 Feb 2008 18:22:18 +0100
From: Mel <fbsd.questions@rachie.is-a-geek.net>
To: freebsd-questions@freebsd.org
Cc: "Michael K. Smith - Adhost" <mksmith@adhost.com>, questions@freebsd.org
Subject: Re: chflag sappend /var/log/messages - syslog-ng can't rotate logs
Message-ID: <200802041822.19437.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <17838240D9A5544AAA5FF95F8D520316034129E7@ad-exh01.adhost.lan>
References: <17838240D9A5544AAA5FF95F8D520316034129E7@ad-exh01.adhost.lan>
On Monday 04 February 2008 12:20:49 Michael K. Smith - Adhost wrote:
> I'm interested in making my messages file more likely to survive a hacking
> attempt and I've set the sappend flag to that end. It would be nice if
> syslog-ng could actually rotate the logfile since it gets quite large, but
> the sappend flag seems to prohibit that from happening. Is there any way
> to maintain the flag and allow syslog-ng to rotate the files?

Hmm, since there's no rotate command to be configured in syslog-ng, you could
maybe trick it, by letting a daemon clear the flag and put it back on on the
new file. However, it would defeat the purpose, since anyone able to send the
signal you specify to the daemon would clear the flag.

Best thing to do is take it out of syslog-ng rotation and use cron to rotate
it, using a customized script (which of course you then put noschg flag on,
once you're satisfied).

Of course, you could also file a PR and request support for a custom rotate
command to be added to syslog-ng ;)

-- 
Mel
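
The cron-driven rotation suggested in the message above, sketched as an added example that is not part of the original e-mail or of syslog-ng. The pid file path, the keep count, the `.N` archive naming and the `CHFLAGS`/`RELOAD`/`SECURELEVEL` override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: cron-driven rotation of an sappend-protected log on FreeBSD.
# Assumed values: pid file path and keep count. CHFLAGS, RELOAD and SECURELEVEL
# are hypothetical override hooks so the logic can be exercised off FreeBSD.
CHFLAGS=${CHFLAGS:-chflags}
RELOAD=${RELOAD:-reload_syslog_ng}
PIDFILE=${PIDFILE:-/var/run/syslog-ng.pid}   # assumed location

reload_syslog_ng() {
    # SIGHUP makes syslog-ng reload and reopen its log files
    kill -HUP "$(cat "$PIDFILE")"
}

# rotate_sappend_log LOG [KEEP]
# returns 0 on success, 1 if LOG is missing, 2 if securelevel blocks the change
rotate_sappend_log() {
    log=$1 keep=${2:-7}
    [ -f "$log" ] || return 1

    # System flags such as sappend cannot be cleared while kern.securelevel > 0.
    level=${SECURELEVEL:-$(sysctl -n kern.securelevel 2>/dev/null || echo -1)}
    if [ "$level" -gt 0 ]; then
        echo "securelevel $level: cannot clear sappend on $log" >&2
        return 2
    fi

    # Shift archives: log.(keep-2) -> log.(keep-1), ..., log.0 -> log.1
    i=$((keep - 1))
    while [ "$i" -gt 0 ]; do
        prev=$((i - 1))
        if [ -f "$log.$prev" ]; then mv -f "$log.$prev" "$log.$i"; fi
        i=$prev
    done

    # Clear the flag, move the live file aside, and protect the new file
    # before the daemon is told to reopen it. Archives stay unflagged so
    # the next run can shift them.
    $CHFLAGS nosappend "$log" || return 3
    mv -f "$log" "$log.0" || return 3
    ( umask 077; : > "$log" ) || return 3
    $CHFLAGS sappend "$log" || return 3
    $RELOAD
}

# Run only when called with arguments, e.g. from root's crontab:
#   0 0 * * * /usr/local/sbin/rotate-messages.sh /var/log/messages 7
if [ "$#" -ge 1 ]; then rotate_sappend_log "$@"; fi
```

The window between `nosappend` and `sappend` is the only time the live file is unprotected, and the securelevel check makes the script fail loudly instead of silently skipping rotation on a hardened host.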