From owner-freebsd-questions Thu Jan 16 8:55:57 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id CE40237B401
    for ; Thu, 16 Jan 2003 08:55:55 -0800 (PST)
Received: from mail-relay1.mirrorimage.net (mail-relay1.mirrorimage.net [209.58.140.11])
    by mx1.FreeBSD.org (Postfix) with ESMTP id B036443F1E
    for ; Thu, 16 Jan 2003 08:55:54 -0800 (PST)
    (envelope-from leblanc@mirrorimage.net)
Received: from leblanc.mirrorimage.net (leblanc.mirrorimage.net [209.192.210.146])
    by mail-relay1.mirrorimage.net (8.9.3/8.9.3) with ESMTP id LAA10563
    for ; Thu, 16 Jan 2003 11:55:49 -0500
Received: from leblanc.mirrorimage.net (localhost [127.0.0.1])
    by leblanc.mirrorimage.net (8.12.3/8.11.4) with ESMTP id h0GGtktk006849
    for ; Thu, 16 Jan 2003 11:55:47 -0500 (EST)
    (envelope-from leblanc@leblanc.mirrorimage.net)
Received: (from leblanc@localhost)
    by leblanc.mirrorimage.net (8.12.3/8.12.3/Submit) id h0GGtk9k006848
    for freebsd-questions@FreeBSD.org; Thu, 16 Jan 2003 11:55:46 -0500 (EST)
Date: Thu, 16 Jan 2003 11:55:46 -0500
From: Louis LeBlanc
To: FreeBSD Questions
Subject: syslog.conf and newsyslog.conf questions
Message-ID: <20030116165546.GB6646@keyslapper.org>
Reply-To: freebsd-questions@FreeBSD.org
Mail-Followup-To: FreeBSD Questions
Mime-Version: 1.0
Content-Type: text/plain; charset=unknown-8bit
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.5.3i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Hey all. I have a silly little admin question.

Recently I got a message on my work machine security check output saying that there was a failed login attempt for my id, from an IP that seemed a little familiar. The date of the attempt was January 14.

Well, grepping thru /var/log/auth.log, I found the message, but it seems it was actually last year. The IP was familiar because it is one I used to have when I had AT&T Broadband as my ISP at home. There was a hole in the firewall at work at the time, but it shouldn't have been there now.

Anyway, it caused quite a bit of confusion before we realized that the security output was only grepping out the previous day's entries without using the year - and why should it, they aren't even part of the entries.

What I need to do, obviously, is get my auth.log to roll from time to time. Preferably on a monthly basis. The thing is, what, if anything, should I put in the PIDFILE and SIGNAL fields to ensure the daemon resumes logging to a new auth.log rather than continuing to log to the one that's been rolled and possibly compressed?

Here's what I have so far for the entry:

    /var/log/auth.log 640 12 * $M1D0 Z

I'm guessing this is a syslog logfile judging from the /etc/syslog.conf entry:

    auth.info;authpriv.info /var/log/auth.log

So, should I provide the path to that pidfile?

I have other entries in /etc/newsyslog.conf that correspond to log entries in /etc/syslog.conf, but don't have any signal or pidfile info. Is this ok? It does look like the logs get rolled properly without the need for pidfile or signal info, but I want to be sure.

TIA
Lou
-- 
Louis LeBlanc leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

The following statement is not true.
The previous statement is true.
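
The year ambiguity described in the message above, as an added example that is not part of the original post: a date-only match over year-less syslog timestamps compared with a match that first infers each entry's year from file order. The function names and the sample lines are constructed for illustration; the inference assumes entries were appended in chronological order with no gap longer than a year.

```python
from datetime import date

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# Constructed sample lines in the year-less BSD syslog format (not real log data).
SAMPLE = [
    "Jan 14 22:41:07 host sshd[311]: Failed password for lou from 192.0.2.10 port 1022 ssh2",
    "Jun  3 08:15:52 host su: lou to root on /dev/ttyp0",
    "Dec 30 17:02:11 host sshd[877]: Accepted password for lou from 198.51.100.7 port 2200 ssh2",
    "Jan 14 09:30:44 host sshd[902]: Accepted password for lou from 198.51.100.7 port 2301 ssh2",
    "Jan 15 07:58:03 host login: ROOT LOGIN (root) ON ttyv0",
]

def month_day(line):
    """Return (month, day) from a syslog line, or None if it has no timestamp."""
    parts = line.split(None, 2)
    if len(parts) < 3 or parts[0] not in MONTHS or not parts[1].isdigit():
        return None
    return MONTHS[parts[0]], int(parts[1])

def naive_match(lines, day):
    """What a date-only grep does: match month and day, ignoring the year."""
    return [l for l in lines if month_day(l) == (day.month, day.day)]

def infer_years(lines, today):
    """Assign a year to each line, assuming lines are in chronological order
    and the newest line is not later than `today`."""
    stamped = [(md, l) for l in lines if (md := month_day(l))]
    year, later, out = today.year, (today.month, today.day), []
    for md, line in reversed(stamped):
        if md > later:          # walking backwards, the calendar wrapped a year
            year -= 1
        later = md
        out.append(((year, *md), line))
    return out[::-1]

def dated_match(lines, day, today):
    """Match only entries whose inferred full date equals `day`."""
    want = (day.year, day.month, day.day)
    return [l for ymd, l in infer_years(lines, today) if ymd == want]

if __name__ == "__main__":
    today, target = date(2003, 1, 15), date(2003, 1, 14)
    print(len(naive_match(SAMPLE, target)), "naive hits")
    print(dated_match(SAMPLE, target, today))
```
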