Date: Mon, 27 Oct 2003 06:08:38 -0800 From: Pete Ehlke <pde@ehlke.net> To: security@freebsd.org Subject: Re: /var partition overflow (due to spyware?) in FreeBSD default install Message-ID: <20031027140838.GA23841@ehlke.net> In-Reply-To: <20031023204646.A61063@cs.utah.edu> References: <6.0.0.22.2.20031023162326.04c1e008@localhost> <p0600201bbbbe19a62f97@[128.113.24.47]> <6.0.0.22.2.20031023183427.04e18d10@localhost> <p0600201cbbbe2f1e37c5@[128.113.24.47]> <20031023204646.A61063@cs.utah.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 23, 2003 at 08:46:46PM -0600, David G. Andersen wrote: > Garance A Drosihn just mooed: > > newsyslog for the past year. I am pretty familiar with it. > > > > What I meant was that in circumstances where "once per hour" > > is not fast enough, then I do not believe the right solution > > is to rotate files every five minutes. Just MO. > > the problem is very obviously an excess of messages from bind. > This bug report should go to the ISC folks. No daemon should > be spewing out log messages at the _incredible_ rate that > bind does when it decides it doesn't like what it's getting > in this context. The same bug can be triggered by using a > forwarding nameserver that bind doesn't like. It logs messages at the rate that it sees errors. > The immediate question to ask is, "is this fixed in bind9?" > Well, no. The immediate question to ask is "why are you sending bind messages to syslogd in the first place?" see http://www.isc.org/products/BIND/docs/config/logging.html for how to configure bind to do sane logging, including size-based autorotation of log files. -Pete
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031027140838.GA23841>