From owner-freebsd-isp  Mon Sep 24 23:55:30 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from gekko.ms-agentur.de (server.ms-agentur.de [62.153.134.194])
	by hub.freebsd.org (Postfix) with ESMTP id 8483637B40B
	for <freebsd-isp@FreeBSD.ORG>; Mon, 24 Sep 2001 23:55:24 -0700 (PDT)
Received: from i-clue.de (automatix.i-clue.de [192.168.0.112])
	by gekko.ms-agentur.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id JAA20635;
	Tue, 25 Sep 2001 09:05:04 +0200
Message-ID: <3BB02A56.60908@i-clue.de>
Date: Tue, 25 Sep 2001 08:55:18 +0200
From: Christoph Sold <so@i-clue.de>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-AT; rv:0.9.4+) Gecko/20010916
X-Accept-Language: de, en
MIME-Version: 1.0
To: Butch Evans <butch@sheltonbbs.com>
Cc: Freebsd-ISP <freebsd-isp@FreeBSD.ORG>
Subject: Re: couple of questions
References: <Pine.BSF.4.21.0109242343130.10358-100000@216-41-137-20.semo.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

Butch Evans wrote:

>First of all, I want to add another disk to my server.  I will use
>this disk exclusively for log files.  As you know, the logs can grow
>quite large, so I wonder about the block size.  Is it better to use
>a larger than 8192 block size?  Pros and cons would be helpful.
>
Don't know. Since there are a lot of inodes in the default disk format, 
you may wish to decrease the number of inodes. Anyhow, that buys only a 
few MB of saved space.

>Next, I will be moving my existing logfiles to this disk.  Is
>something like the following a good plan (new disk will be mounted
>as /var/logs):
>
>mv -R /var/log/* /var/logs 
>mv /var/log /var/log.old
>ln -sf /var/logs /var/log
>
>Is there a better method?  I don't mind losing a few lines of log
>entries during the move, I am just concerned about unknown side
>effects.
>
This will not work, at least, you'd have to singal each program logging 
to /var/log the file location has changed. Better:

# mnt /dev/newdisk /mnt
# cd /var/log
# tar cf - . | (cd /mnt; tar xpf -)
# umount /mnt

To copy the old logs;

# shutdown now

to have all daemons (including the ones you forgot as well as syslogd) 
to shutdown themselves,

# rm -rf /var/log/*

to free the disk space occupied by your old logs

# mount /dev/newdisk /var/log
# ^D

and you're all set up. Needs about a minute or two in single user mode.

>In a side note...does anyone have a script to clean the entries in
>an apache log of the junk requests from the Code Red and Nimda
>worm? 
>
grep -v "offending string" < apache.errors > apache.errors.filtered

> This is something I will be using in my daily maint script
>until the storm starts to pass.  I am more familiar with perl than
>awk or sed (or other scripting languages), so please send in that
>language, if possible.  
>
HTH
-Christoph Sold



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message