From owner-freebsd-current@FreeBSD.ORG Wed May 13 07:45:39 2009 Return-Path: Delivered-To: freebsd-current@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8D15F1065676; Wed, 13 May 2009 07:45:39 +0000 (UTC) (envelope-from marck@rinet.ru) Received: from woozle.rinet.ru (woozle.rinet.ru [195.54.192.68]) by mx1.freebsd.org (Postfix) with ESMTP id 134358FC27; Wed, 13 May 2009 07:45:38 +0000 (UTC) (envelope-from marck@rinet.ru) Received: from localhost (localhost [127.0.0.1]) by woozle.rinet.ru (8.14.3/8.14.3) with ESMTP id n4D7jbi3053266; Wed, 13 May 2009 11:45:37 +0400 (MSD) (envelope-from marck@rinet.ru) Date: Wed, 13 May 2009 11:45:37 +0400 (MSD) From: Dmitry Morozovsky To: Garance A Drosehn In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) X-NCC-RegID: ru.rinet X-OpenPGP-Key-ID: 6B691B03 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (woozle.rinet.ru [0.0.0.0]); Wed, 13 May 2009 11:45:37 +0400 (MSD) Cc: freebsd-current@FreeBSD.org Subject: Re: newsyslog(8) patch for both size and time checks X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 May 2009 07:45:39 -0000 On Tue, 12 May 2009, Garance A Drosehn wrote: GAD> > for now, if log is configured to be rotated in time manner, its size is GAD> > not GAD> > checked, so /var/log may be DoSed by some service (in our case, it was GAD> > mad DHCP client which fills up our /var/log with dhcpd log; our GAD> > newsyslog.conf GAD> > line was GAD> > GAD> > /var/log/dhcpd 640 5 5000 @T00 JC GAD> > GAD> > The following simple patch should fix the problem. Any objection to GAD> > commit GAD> > this? GAD> GAD> It would fix your problem, but it changes the behavior as is explicitly GAD> documented in 'man newsyslog.conf' . There is a paragraph in the man GAD> page which makes it clear that if both fields are specified, then the GAD> log file will only be rotated if both conditions are true. Nope, there is statement about time/interval combination, and size is not mentioned: == 8< == When both a time and an interval are specified then both conditions must be satisfied for the rotation to take place. == 8< == Also, I can't find anything about expected behaviour in the standards... GAD> I agree that newsyslog needs some way to specify an "either/or" GAD> combination of those fields. I believe I have some time to look into GAD> changes to newsyslog right this week, so I'll see what is needed to GAD> address this issue. Thank you for looking into this. -- Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] [ FreeBSD committer: marck@FreeBSD.org ] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------