Date: Tue, 7 Mar 2006 20:36:26 +0100
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Garance A Drosehn <gad@FreeBSD.org>
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org, John Baldwin <jhb@FreeBSD.org>
Subject: Re: cvs commit: src/usr.sbin/syslogd syslogd.8 syslogd.c
Message-ID: <20060307193626.GD62485@garage.freebsd.pl>
In-Reply-To: <p0623091bc03385a0d409@[128.113.24.47]>
References: <200603061036.k26AaXgt047115@repoman.freebsd.org> <200603061208.11685.jhb@freebsd.org> <20060307081419.GE56506@garage.freebsd.pl> <p0623091bc03385a0d409@[128.113.24.47]>

On Tue, Mar 07, 2006 at 02:08:43PM -0500, Garance A Drosehn wrote:
+> At 9:14 AM +0100 3/7/06, Pawel Jakub Dawidek wrote:
+> >On Mon, Mar 06, 2006 at 12:08:08PM -0500, John Baldwin wrote:
+> >+> Did you know about the -C option to newsyslog? newsyslog is a
+> >+> better tool for creating the log files since its config file
+> >+> can specify permissions (owner, group, chmod).
+> >
+> >I agree, but I didn't remove this functionality from the
+> >newsyslog(8). I wanted to have this simple functionality
+> >in syslogd(8) for a few small reasons:
+> >
+> >- I don't really buy that not creating log files is a security
+> >  feature.
+>
+> Creating them with the wrong group, wrong chmod bits, or not
+> including 'nosave' on logfiles which are expected to be
+> 'nosave' might be a problem.

That's why I chose safe permissions. I don't want it to replace
newsyslog, I just want it to be handy. I very often find myself
adding all.log to syslog.conf, restarting syslogd and realising that
I forgot to create the all.log file, so I need to create the file (it's
faster than calling newsyslog and I don't want to call it with -CC,
that way I can avoid touching newsyslog.conf at all).

+> >- You don't always want newsyslog(8) (eg. on an embedded system).
+>
+> You don't want to rotate logfiles on an embedded system?

Not always. On the system I had in mind we use our own script for this.

+> >- It's more handy to add new log file and just restart syslogd
+> >  without any errors, instead of editing newsyslog.conf,
+> >  executing newsyslogd -C and then restarting syslogd.
+>
+> To use this new syslogd feature, you're going to have to add
+> that '-C' flag somewhere. And in /etc/defaults/rc.conf, we
+> already have:
+>
+> newsyslog_enable="YES"   # Run newsyslog at startup.
+> newsyslog_flags="-CN"    # Newsyslog flags to create marked files
+>
+> All you need to do is add a second '-C' to those newsyslog_flags,
+> and newsyslog will automatically create all log files which do
+> not exist. And if you're adding a new logfile to /etc/syslog.conf,
+> then it seems to is very likely that you will also want to add a
+> line to newsyslog.conf to rotate that log file.

I'll add -C when I add syslogd_flags to my rc.conf. I don't like -CC.
I also like to change one thing in one place. Having newsyslog read
syslog.conf and deciding based on this which files are necessary will
be more useful, but of course it will be messier (newsyslog should not
depend on other daemons' configuration files).

Most useful will be to have one configuration file for syslogd and
newsyslog, eg.:

	*.*		/var/log/all.log	600	7	*	@T00	J
	security.*	/var/log/security	600	10	100	*	JC

And teach syslogd to create configuration files with proper
owner+permission on start.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!