From owner-freebsd-questions@FreeBSD.ORG Sun Nov 23 09:47:06 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6883216A4CE for ; Sun, 23 Nov 2003 09:47:06 -0800 (PST) Received: from main.gmane.org (main.gmane.org [80.91.224.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C34943FE0 for ; Sun, 23 Nov 2003 09:47:04 -0800 (PST) (envelope-from freebsd-questions@m.gmane.org) Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 1ANyK6-0006Gn-00 for ; Sun, 23 Nov 2003 18:47:02 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org Received: from sea.gmane.org ([80.91.224.252]) by main.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1ANyK4-0006GV-00 for ; Sun, 23 Nov 2003 18:47:00 +0100 Received: from news by sea.gmane.org with local (Exim 3.35 #1 (Debian)) id 1ANyK4-000678-00 for ; Sun, 23 Nov 2003 18:47:00 +0100 From: Jesse Guardiani Date: Sun, 23 Nov 2003 12:46:58 -0500 Organization: WingNET Lines: 46 Message-ID: References: <44fzghmad9.fsf@be-well.ilk.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7Bit X-Complaints-To: usenet@sea.gmane.org User-Agent: KNode/0.7.2 X-Mail-Copies-To: never Sender: news Subject: Re: dmesg.today->dmesg.yesterday X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: jesse@wingnet.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Nov 2003 17:47:06 -0000 Lowell Gilbert wrote: > Jesse Guardiani writes: > >> How does dmesg.today get rotated to dmesg.yesterday? >> >> I suspect my dmesg.today of being corrupted by old info. >> I have gotten the following message in my security output >> for the last four days: >> >> pid 4062 (clamd), uid 3848: exited on signal 11 >> >> It appears in different places, but what are the chances of >> clamd acquiring pid 4062 four days in a row? > > That diff is taken as part of the periodic/security checks. > I don't think it uses dmesg.today, though; I think it takes output > directly from dmesg(8)... >From /etc/periodic/security/security.functions: ------------------------------------------------------------------- # Usage: COMMAND | check_diff [new_only] LABEL - MSG # COMMAND > TMPFILE; check_diff [new_only] LABEL TMPFILE MSG # if $1 is new_only, show only the 'new' part of the diff. # LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files. check_diff() { ------------------------------------------------------------------- It would appear that it does indeed use .today and .yesterday. And I think I just answered my own question. check_diff is the function that creates the dmesg.today and dmesg.yesterday files, and is in charge of rotating them. Thanks. -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net