Date: Wed, 13 May 2009 11:45:37 +0400 (MSD) From: Dmitry Morozovsky <marck@rinet.ru> To: Garance A Drosehn <gad@FreeBSD.org> Cc: freebsd-current@FreeBSD.org Subject: Re: newsyslog(8) patch for both size and time checks Message-ID: <alpine.BSF.2.00.0905131143400.19978@woozle.rinet.ru> In-Reply-To: <p06240800c62f5d4bab62@[128.113.24.47]> References: <alpine.BSF.2.00.0905121354450.1756@woozle.rinet.ru> <p06240800c62f5d4bab62@[128.113.24.47]>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 12 May 2009, Garance A Drosehn wrote: GAD> > for now, if log is configured to be rotated in time manner, its size is GAD> > not GAD> > checked, so /var/log may be DoSed by some service (in our case, it was GAD> > mad DHCP client which fills up our /var/log with dhcpd log; our GAD> > newsyslog.conf GAD> > line was GAD> > GAD> > /var/log/dhcpd 640 5 5000 @T00 JC GAD> > GAD> > The following simple patch should fix the problem. Any objection to GAD> > commit GAD> > this? GAD> GAD> It would fix your problem, but it changes the behavior as is explicitly GAD> documented in 'man newsyslog.conf' . There is a paragraph in the man GAD> page which makes it clear that if both fields are specified, then the GAD> log file will only be rotated if both conditions are true. Nope, there is statement about time/interval combination, and size is not mentioned: == 8< == When both a time and an interval are specified then both conditions must be satisfied for the rotation to take place. == 8< == Also, I can't find anything about expected behaviour in the standards... GAD> I agree that newsyslog needs some way to specify an "either/or" GAD> combination of those fields. I believe I have some time to look into GAD> changes to newsyslog right this week, so I'll see what is needed to GAD> address this issue. Thank you for looking into this. -- Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] [ FreeBSD committer: marck@FreeBSD.org ] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.0905131143400.19978>