From owner-freebsd-questions  Sun Jun 10  9:57:49 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from kekaha.atkinshome.com (kekaha.atkinshome.com [64.121.139.69])
	by hub.freebsd.org (Postfix) with ESMTP id 9F9E837B407
	for <freebsd-questions@FreeBSD.ORG>; Sun, 10 Jun 2001 09:57:44 -0700 (PDT)
	(envelope-from dave@atkinshome.com)
Received: from dave (jen.atkinshome.com [64.121.139.68])
	by kekaha.atkinshome.com (8.9.3/8.9.3) with SMTP id JAA28375
	for <freebsd-questions@FreeBSD.ORG>; Sun, 10 Jun 2001 09:45:41 -0700
From: "Dave Atkins" <dave@atkinshome.com>
To: <freebsd-questions@FreeBSD.ORG>
Subject: small /var partition; how do I prevent log file overflow?
Date: Sun, 10 Jun 2001 10:02:13 -0700
Message-ID: <001001c0f1cf$18be68b0$0300a8c0@dave>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <000701c0f077$1e6342d0$0300a8c0@dave>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Importance: Normal
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

I've done this so many times now on various operating systems that I should
know better...but when I did the install of freebsd 4, I let the install
program set up my partitions. Now, I've got this great setup:

FreeBSD 4.3-RELEASE (DAVE) #1: Sat Jun  9 15:52:40 PDT 2001
$ df -k
Filesystem  1K-blocks     Used    Avail Capacity  Mounted on
/dev/ad0s1a     99183    35244    56005    39%    /
/dev/ad0s1f   1350983   614495   628410    49%    /usr
/dev/ad0s1e     19815     1264    16966     7%    /var
procfs              4        4        0   100%    /proc

My concern is that /var is so small. I am running a firewall and doing
limited logging, but still, I can imagine 20 Meg of log files happening.

I will never *need* 20 meg of logs, so how can I configure things to avoid
overflowing space? As I recall, the log files somehow cycle/rotate (maillog
does a daily file and compresses itself). I'm going to turn off sendmail
anyway, so I won't worry about the spool directory, but I am nervous about
/var/log/security and the other log files. I have seen several systems crash
because of DoS attacks or just forgetfulness on the part of the sysadmin
that led to exploding log files. What is the best way to cap these files and
prevent the situation from getting out of control?

Thanks



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message