Date:      Thu, 14 May 2009 16:53:43 -0400
From:      Garance A Drosehn <gad@FreeBSD.org>
To:        Dmitry Morozovsky <marck@rinet.ru>, Garance A Drosehn <gad@FreeBSD.org>
Cc:        freebsd-current@FreeBSD.org
Subject:   Re: newsyslog(8) patch for both size and time checks
Message-ID:  <p06240803c630b7a4d79e@[128.113.24.47]>
In-Reply-To: <alpine.BSF.2.00.0905131143400.19978@woozle.rinet.ru>
References:  <alpine.BSF.2.00.0905121354450.1756@woozle.rinet.ru> <p06240800c62f5d4bab62@[128.113.24.47]> <alpine.BSF.2.00.0905131143400.19978@woozle.rinet.ru>

     [I wrote this yesterday, but apparently I then miniaturized
      the window instead of posting it...]

At 11:45 AM +0400 5/13/09, Dmitry Morozovsky wrote:
>On Tue, 12 May 2009, Garance A Drosehn wrote:
>
>GAD> > for now, if log is configured to be rotated in time manner, its
>GAD> > size is not checked,
>GAD> > so /var/log may be DoSed by some service (in our case, it was
>GAD> > mad DHCP client which fills up our /var/log with dhcpd log; our
>GAD> > newsyslog.conf line was
>GAD> >
>GAD> > /var/log/dhcpd				640  5     5000	@T00	JC
>GAD> >
>GAD> > The following simple patch should fix the problem. Any objection to
>GAD> > commit
>GAD> > this?
>GAD>
>GAD> It would fix your problem, but it changes the behavior as is explicitly
>GAD> documented in  'man newsyslog.conf' .  There is a paragraph in the man
>GAD> page which makes it clear that if both fields are specified, then the
>GAD> log file will only be rotated if both conditions are true.
>
>Nope, there is statement about time/interval combination, and size is not
>mentioned:
>
>== 8< ==
>When both a time and an interval are specified then both conditions
>must be satisfied for the rotation to take place.
>== 8< ==

Admittedly I did look at that and read it wrong, but there is also:

     If a time is specified, the log file will only be trimmed if
     newsyslog(8) is run within one hour of the specified time.

>Also, I can't find anything about expected behaviour in the standards...

Well, it's a BSD program.  I wouldn't expect to see anything about it
in any standards writeup!

>GAD> I agree that newsyslog needs some way to specify an "either/or"
>GAD> combination of those fields.  I believe I have some time to look
>GAD> into changes to newsyslog right this week, so I'll see what is
>GAD> needed to address this issue.
>
>Thank you for looking into this.

The behavior you want is something many people (including me!) have
wanted, and it is something we should add.  I could have sworn there
was an undocumented way to get this behavior, but I recently tried
what I thought that method was, and it doesn't seem to work.

-- 
Garance Alistair Drosehn     =               drosehn@rpi.edu
Senior Systems Programmer               or   gad@FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA
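
An added example, not part of the original message or of the newsyslog sources: an audit script that lists newsyslog.conf entries combining a size limit with a specific rotation time, the combination reported above as leaving /var/log open to being filled. Apart from the quoted dhcpd line the sample config is constructed, and the field handling (optional owner:group recognised by ':', '#' starting a comment) is a simplified assumption about the file format.

```python
# Constructed sample; only the dhcpd entry is the line quoted in the thread.
SAMPLE_CONF = """\
# logfilename          [owner:group]  mode count size when  flags
/var/log/dhcpd                        640  5     5000 @T00  JC
/var/log/messages                     644  5     100  *     JC
/var/log/maillog       root:wheel     640  7     *    @T00  JC
/var/log/auth.log      root:wheel     600  7     100  $W0D0 JC
/var/log/cron                         600  3     100  24    JC
"""


def time_gated_size_entries(conf_text):
    """Return (logfile, size_kb, when) for entries that set a size limit
    together with a specific time ('@' or '$' form in the 'when' field)."""
    hits = []
    for raw in conf_text.splitlines():
        # Assumption: '#' starts a comment (escaped '#' is not handled here).
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("<"):  # blank line or <include>-style directive
            continue
        fields = line.split()
        # Assumption: the optional owner:group field is recognised by its ':'.
        idx = 2 if len(fields) > 1 and ":" in fields[1] else 1
        if len(fields) < idx + 4:
            continue  # malformed or truncated entry
        size, when = fields[idx + 2], fields[idx + 3]
        has_size_limit = size.isdigit()            # '*' means no size limit
        has_specific_time = "@" in when or "$" in when
        if has_size_limit and has_specific_time:
            hits.append((fields[0], int(size), when))
    return hits


if __name__ == "__main__":
    for name, size_kb, when in time_gated_size_entries(SAMPLE_CONF):
        print(f"{name}: size limit {size_kb} KB is only considered at {when}")
```

Entries it reports are the ones to watch with separate disk-usage monitoring until an "either/or" option exists.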


