From: Garance A Drosehn
Date: Thu, 14 May 2009 16:53:43 -0400
To: Dmitry Morozovsky, Garance A Drosehn
Cc: freebsd-current@FreeBSD.org
Subject: Re: newsyslog(8) patch for both size and time checks

[I wrote this yesterday, but apparently I then miniaturized the window
instead of posting it...]

At 11:45 AM +0400 5/13/09, Dmitry Morozovsky wrote:
>On Tue, 12 May 2009, Garance A Drosehn wrote:
>
>GAD> > for now, if log is configured to be rotated in time manner, its
>GAD> > size is not checked,
>GAD> > so /var/log may be DoSed by some service (in our case, it was
>GAD> > mad DHCP client which fills up our /var/log with dhcpd log; our
>GAD> > newsyslog.conf line was
>GAD> >
>GAD> > /var/log/dhcpd 640 5 5000 @T00 JC
>GAD> >
>GAD> > The following simple patch should fix the problem. Any objection to
>GAD> > commit
>GAD> > this?
>GAD>
>GAD> It would fix your problem, but it changes the behavior as is explicitly
>GAD> documented in 'man newsyslog.conf' . There is a paragraph in the man
>GAD> page which makes it clear that if both fields are specified, then the
>GAD> log file will only be rotated if both conditions are true.
>
>Nope, there is statement about time/interval combination, and size is not
>mentioned:
>
>== 8< ==
>When both a time and an interval are specified then both conditions
>must be satisfied for the rotation to take place.
>== 8< ==

Admittedly I did look at that and read it wrong, but there is also:

    If a time is specified, the log file will only be trimmed if
    newsyslog(8) is run within one hour of the specified time.

>Also, I can't find anything about expected behaviour in the standards...

Well, it's a BSD program. I wouldn't expect to see anything about
it in any standards writeup!

>GAD> I agree that newsyslog needs some way to specify an "either/or"
>GAD> combination of those fields. I believe I have some time to look
>GAD> into changes to newsyslog right this week, so I'll see what is
>GAD> needed to address this issue.
>
>Thank you for looking into this.

The behavior you want is something many people (including me!) have
wanted, and it is something we should add. I could have sworn there
was an undocumented way to get this behavior, but I recently tried
what I thought that method was, and it doesn't seem to work.

-- 
Garance Alistair Drosehn     =   drosehn@rpi.edu
Senior Systems Programmer    or  gad@FreeBSD.org
Rensselaer Polytechnic Institute;  Troy, NY;  USA
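
A configuration audit for the combination discussed in this thread, added here as an example that is not part of the original message or of newsyslog: it lists newsyslog.conf entries that set both a size and a specific rotation time, the case reported above as leaving the size unchecked. The function names, the sample file (apart from the quoted dhcpd line) and the current-size figure are constructed, and the field parsing is simplified.

```python
import re

# Constructed sample; only the dhcpd entry is the line quoted in the message.
SAMPLE_CONF = """\
# logfilename       [owner:group]  mode count size when    flags
/var/log/dhcpd                     640  5     5000 @T00    JC
/var/log/messages                  644  5     100  *       JC
/var/log/maillog                   640  7     *    @T00    JC
/var/log/app.log    root:wheel     600  3     1000 $W0D23  J
/var/log/weekly.log                640  5     *    168     J
"""

def parse_entry(line):
    """Return (path, size, when) for one entry, or None for comments/blank lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    # The optional owner:group field sits where the octal mode would otherwise be.
    if len(fields) > 1 and not re.fullmatch(r"[0-7]+", fields[1]):
        del fields[1]
    if len(fields) < 5:
        return None
    path, _mode, _count, size, when = fields[:5]
    return path, size, when

def audit(conf_text, sizes_kb=None):
    """List entries that set a size limit (KB) together with an @ or $ rotation time.

    sizes_kb is an optional mapping path -> current size in KB; when given, the
    last element of each finding says whether the log is already over its limit.
    """
    findings = []
    for line in conf_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        path, size, when = entry
        has_size = size.isdigit() and int(size) > 0
        has_time = "@" in when or "$" in when
        if has_size and has_time:
            over = sizes_kb is not None and sizes_kb.get(path, 0) > int(size)
            findings.append((path, int(size), when, over))
    return findings

if __name__ == "__main__":
    current = {"/var/log/dhcpd": 812000}  # constructed current size in KB
    for path, limit, when, over in audit(SAMPLE_CONF, current):
        state = "OVER LIMIT" if over else "within limit"
        print(f"{path}: size {limit}K with time {when} ({state})")
```
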