From owner-freebsd-questions@FreeBSD.ORG  Mon Feb  4 17:22:22 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9856116A417
	for <freebsd-questions@freebsd.org>;
	Mon,  4 Feb 2008 17:22:22 +0000 (UTC)
	(envelope-from fbsd.questions@rachie.is-a-geek.net)
Received: from snoogles.rachie.is-a-geek.net (rachie.is-a-geek.net
	[66.230.99.27])
	by mx1.freebsd.org (Postfix) with ESMTP id 401CC13C442
	for <freebsd-questions@freebsd.org>;
	Mon,  4 Feb 2008 17:22:22 +0000 (UTC)
	(envelope-from fbsd.questions@rachie.is-a-geek.net)
Received: from localhost (localhost [127.0.0.1])
	by snoogles.rachie.is-a-geek.net (Postfix) with ESMTP id 4604D1CC8B;
	Mon,  4 Feb 2008 08:22:21 -0900 (AKST)
From: Mel <fbsd.questions@rachie.is-a-geek.net>
To: freebsd-questions@freebsd.org
Date: Mon, 4 Feb 2008 18:22:18 +0100
User-Agent: KMail/1.9.7
References: <17838240D9A5544AAA5FF95F8D520316034129E7@ad-exh01.adhost.lan>
In-Reply-To: <17838240D9A5544AAA5FF95F8D520316034129E7@ad-exh01.adhost.lan>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-6"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200802041822.19437.fbsd.questions@rachie.is-a-geek.net>
Cc: "Michael K. Smith - Adhost" <mksmith@adhost.com>, questions@freebsd.org
Subject: Re: chflag sappend /var/log/messages - syslog-ng can't rotate logs
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Feb 2008 17:22:22 -0000

On Monday 04 February 2008 12:20:49 Michael K. Smith - Adhost wrote:

> I'm interested in making my messages file more likely to survive a hacking
> attempt and I've set the sappend flag to that end.  It would be nice if
> syslog-ng could actually rotate the logfile since it gets quite large, but
> the sappend flag seems to prohibit that from happening.  Is there any way
> to maintain the flag and allow syslog-ng to rotate the files?

Hmm, since there's no rotate command to be configured in syslog-ng, you could 
maybe trick it, by letting a daemon clear the flag and put it back on on the 
new file. However, it would defeat the purpose, since anyone able to send the 
signal you specify to the daemon would clear the flag.

Best thing to do is take it out of syslog-ng rotation and use cron to rotate 
it, using a customized script (which of course you the put noschg flag on, 
once your satisfied).

Of course, you could also file a PR and request support for a custom rotate 
command to be added to syslog-ng ;)
-- 
Mel