From owner-freebsd-questions  Sun Jun 10 10:34:38 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from harrier.mail.pas.earthlink.net (harrier.mail.pas.earthlink.net [207.217.121.12])
	by hub.freebsd.org (Postfix) with ESMTP id 7C50537B403
	for <freebsd-questions@freebsd.org>; Sun, 10 Jun 2001 10:34:33 -0700 (PDT)
	(envelope-from ipthomas_77@yahoo.com)
Received: from scraemondaemon.my.domain (1Cust252.tnt8.buffalo.ny.da.uu.net [63.10.12.252])
	by harrier.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id KAA11399;
	Sun, 10 Jun 2001 10:34:31 -0700 (PDT)
Received: (from ipt@localhost)
	by scraemondaemon.my.domain (8.9.3/8.9.3) id NAA00787;
	Sun, 10 Jun 2001 13:33:25 -0400 (EDT)
	(envelope-from ipt)
From: "Ian P. Thomas" <ipthomas_77@yahoo.com>
Message-Id: <200106101733.NAA00787@scraemondaemon.my.domain>
Subject: Re: small /var partition; how do I prevent log file overflow?
To: dave@atkinshome.com (Dave Atkins)
Date: Sun, 10 Jun 2001 13:33:24 -0400 (EDT)
Cc: freebsd-questions@freebsd.org
In-Reply-To: <001001c0f1cf$18be68b0$0300a8c0@dave> from "Dave Atkins" at Jun 10, 2001 10:02:13 AM
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

	newsyslog can archive(gzip) log files when they reach a certain
size.  You can also symlink /var/log/security to your /usr directory.

mv /var/log/security /usr
cd /var/log
ln -s /usr/security     

Ian

In the last episode, Dave Atkins stated...
> 
> I've done this so many times now on various operating systems that I should
> know better...but when I did the install of freebsd 4, I let the install
> program set up my partitions. Now, I've got this great setup:
> 
> FreeBSD 4.3-RELEASE (DAVE) #1: Sat Jun  9 15:52:40 PDT 2001
> $ df -k
> Filesystem  1K-blocks     Used    Avail Capacity  Mounted on
> /dev/ad0s1a     99183    35244    56005    39%    /
> /dev/ad0s1f   1350983   614495   628410    49%    /usr
> /dev/ad0s1e     19815     1264    16966     7%    /var
> procfs              4        4        0   100%    /proc
> 
> My concern is that /var is so small. I am running a firewall and doing
> limited logging, but still, I can imagine 20 Meg of log files happening.
> 
> I will never *need* 20 meg of logs, so how can I configure things to avoid
> overflowing space? As I recall, the log files somehow cycle/rotate (maillog
> does a daily file and compresses itself). I'm going to turn off sendmail
> anyway, so I won't worry about the spool directory, but I am nervous about
> /var/log/security and the other log files. I have seen several systems crash
> because of DoS attacks or just forgetfulness on the part of the sysadmin
> that led to exploding log files. What is the best way to cap these files and
> prevent the situation from getting out of control?
> 
> Thanks
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message