From owner-freebsd-security Thu Mar 8 3:13:40 2001 Delivered-To: freebsd-security@freebsd.org Received: from allmaui.com (server25.aitcom.net [208.234.0.10]) by hub.freebsd.org (Postfix) with ESMTP id 5AD6F37B71A for ; Thu, 8 Mar 2001 03:13:35 -0800 (PST) (envelope-from craig@allmaui.com) Received: from allmaui.com (c756043-a.stcla1.sfba.home.com [24.20.23.203]) by allmaui.com (8.8.8/8.8.5) with ESMTP id GAA13842; Thu, 8 Mar 2001 06:13:32 -0500 Message-ID: <3AA76A15.44C9BB29@allmaui.com> Date: Thu, 08 Mar 2001 03:16:37 -0800 From: Craig Cowen X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: "tjk@tksoft.com" Cc: "freebsd-security@FreeBSD.ORG" Subject: Re: ipmon via syslog References: <200103081111.DAA28826@uno.tksoft.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Thanks for your help. Do you see any problems with my current setup as outlined below? "tjk@tksoft.com" wrote: > It depends. > > You might have a cron entry for rotating logs with "newsyslog." In > that case you could specify the daemon to send a signal to, in the > /etc/newsyslog.conf file. > > The /etc/newsyslog.conf has lines like this: > > /var/log/ipf.log 664 3 5000 604800 Z /var/run/syslog.pid > > This would send a HUP signal to syslog when the logs are rotated. > (at 5 Mb, not more often than once a week). > > Troy > > > > > That dosen't seem reasonable. > > are you saying that I need to know when it roles over and then manually > > restart syslogd? > > > > I am starting ipmon on boot up via > > > > ipmon -s -a -D > > > > > > my syslog.conf has this line: > > > > local0.* /var/log/ipf.log > > > > newsyslog.conf: > > > > /var/log/ipf.log 600 40 1024 * Z > > /var/run/ipmon.pid > > > > > > > > "tjk@tksoft.com" wrote: > > > > > You need to restart (or send a HUP to) syslogd. > > > > > > Other applications which generate log entries (and don't > > > go through syslogd), might need their own restarts. E.g. > > > httpd. > > > > > > /etc/syslog.conf tells you the syslogd controlled files. > > > > > > Troy > > > > > > > > > > > When ever my log roles over there is a four hour lag. > > > > That is, no logging for the first four hours of the new log file. > > > > > > > > Any suggestions? > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message