Date: Wed, 12 May 2004 09:27:02 -0400 From: "JJB" <Barbish3@adelphia.net> To: "Lowell Gilbert" <freebsd-questions-local@be-well.ilk.org> Cc: "freebsd-questions@FreeBSD. ORG" <freebsd-questions@FreeBSD.ORG> Subject: RE: Force newsyslog to rotate from custon script Message-ID: <MIEPLLIBMLEEABPDBIEGIEOFFNAA.Barbish3@adelphia.net> In-Reply-To: <44isf1x0un.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for your reply Both of your suggestions are good but have the same problem. When the newsyslog command is run the rotate space trigger in newsyslog.conf may or may not be met. I need an return code or exit code from the newsyslog command to check to tell if trigger was met and log really rotated. Does newsyslog issue such codes and how would I code an csh script to check for it? Trying to for see an DOS attack targeted at consuming all the log disk space in /var -----Original Message----- From: lowell@be-well.ilk.org [mailto:lowell@be-well.ilk.org]On Behalf Of Lowell Gilbert Sent: Wednesday, May 12, 2004 8:54 AM To: Barbish3@adelphia.net Cc: freebsd-questions@FreeBSD. ORG Subject: Re: Force newsyslog to rotate from custon script "JJB" <Barbish3@adelphia.net> writes: > Problem description: My ipfilter log is rotated using > newsyslog.conf. The file is rotated on file size option. I have > custom script that reads the log and builds email containing list of > abusive source IP address. This custom script is included in the > daily management report process. Problem is that on days that there > is a lot of blocked traffic the log may rotate multiple times and my > daily management report script only runs against the current active > log. > > Is their some way to keep the log defined in newsyslog.conf without > any rotate option and add something to my custom script to tell > newsyslog to rotate the log after the script has processed the > current active log file? I would recommend a slightly different approach. Either of a couple of different approaches, in fact... One way to do this would be to use a separate config file for newsyslog(8) rather than /etc/newsyslog.conf. Then you run newsyslog and use the -f option to have it use your special-purpose configuration just for rotating this ipfilter log. The other way would be to do the rotation directly, in your script which processes the file. It should only take three or four commands in the script. That would let you more or less eliminate any race conditions that might leave data out of your logs.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGIEOFFNAA.Barbish3>