Date: Thu, 7 Sep 1995 11:51:30 +0000
From: "Peter May" <peter@osix.osix.oz.au>
To: Brian Tao <taob@gate.sinica.edu.tw>, freebsd-security@freebsd.org
Subject: Re: Do we *really* need logger(1)?
Message-ID: <199509071137.LAA09858@thumper.osix.com.au>

> On Wed, 6 Sep 1995, Paul Traina wrote:
> >
> > If your disk fills up, you want syslog to be able to operate until it goes to
> > 110%. Unless you run as root or modify the kernel, you lose.
>
> No, you want messages created by root-owned processes to fill your disk
> to 110% (not that it's a good thing in any case, especially if /var is the
> same filesystem as /). What we need is credential checking in the syslog()
> call and syslogd daemon. I imagine any ISP that offers shell access and uses
> the default syslog.conf is susceptible to a prankster sending *.emerg level
> notices and getting syslogd to write "SYSTEM REBOOT, LOG OFF NOW!" to the
> ttys of every online user.

Hmmmm ... the best way of doing this is probably a rotary log file rather
than a flat log file. For example, the error log on an AIX system uses at
most 1Mb of storage (the error log entries are small). Once the log file
wraps, older entries are overwritten. A better approach might be to use
multiple rotaries depending upon the log level (i.e., emerg.log, daemon.log
etc.)

Alternatively, syslog could execute another process to 'clean up' the log
file (aka /etc/daily), i.e., compress it and move it to another name/place,
once it reaches a certain threshold.

However, all of these changes are significant, and it means making syslog
somewhat non-standard. I guess that could be important as well.

> --
> Brian ("Though this be madness, yet there is method in't") Tao
> taob@gate.sinica.edu.tw <-- work ........ play --> taob@io.org

---------------------------------------------------------------->>>>>
Peter May                  OSIX Pty Ltd
Director                   Level 1, 261-263 Pacific Highway
Technical Services         North Sydney. NSW. Australia. 2060.
Home: +61-2-418-7656       Internet: peter@osix.com.au
Work: +61-2-922-3999       Fax: +61-2-922-3314
            >>>> PGP Public key available upon request <<<<
---------------------------------------------------------------->>>>>
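
The rotary log file proposed in the reply above, sketched as an added example that is not part of the original message and is not syslogd or AIX code: a fixed number of fixed-size records, where a wrap overwrites the oldest entry so the file cannot grow past a set bound. The file name, the record layout and the NSLOTS/RECSZ sizes are assumptions chosen for illustration, and the credential checking raised in the quoted text is out of scope here.

```c
/* Added example: fixed-size "rotary" log. File name and sizes are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NSLOTS 4                        /* entries kept; tiny so the wrap shows */
#define RECSZ  64                       /* fixed record size in bytes */
#define HDRSZ  ((long)sizeof(uint32_t)) /* header: count of entries ever written */
static long slot_off(uint32_t n) { return HDRSZ + (long)(n % NSLOTS) * RECSZ; }

/* Append msg, overwriting the oldest entry after a wrap. Returns slot or -1. */
int rotary_append(const char *path, const char *msg) {
    char rec[RECSZ] = {0};
    uint32_t count = 0;
    FILE *f = fopen(path, "r+b");
    if (!f && !(f = fopen(path, "w+b"))) return -1;   /* first use: create */
    if (fread(&count, sizeof count, 1, f) != 1) count = 0;
    strncpy(rec, msg, RECSZ - 1);                     /* truncate long messages */
    int ok = fseek(f, slot_off(count), SEEK_SET) == 0 && fwrite(rec, RECSZ, 1, f) == 1;
    count++;
    ok = ok && fseek(f, 0, SEEK_SET) == 0 && fwrite(&count, sizeof count, 1, f) == 1;
    ok = (fclose(f) == 0) && ok;
    return ok ? (int)((count - 1) % NSLOTS) : -1;
}

/* Copy the k-th oldest surviving entry (k = 0 is oldest) into out[RECSZ]. */
int rotary_read(const char *path, uint32_t k, char *out) {
    uint32_t count = 0;
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    int ok = fread(&count, sizeof count, 1, f) == 1;
    uint32_t live = count < NSLOTS ? count : NSLOTS;  /* entries not yet overwritten */
    ok = ok && k < live && fseek(f, slot_off(count - live + k), SEEK_SET) == 0
            && fread(out, RECSZ, 1, f) == 1;
    fclose(f);
    return ok ? 0 : -1;
}

/* Size on disk; never exceeds HDRSZ + NSLOTS * RECSZ however much is logged. */
long rotary_size(const char *path) {
    FILE *f = fopen(path, "rb");
    long n = (f && fseek(f, 0, SEEK_END) == 0) ? ftell(f) : -1;
    if (f) fclose(f);
    return n;
}

int main(void) {   /* constructed flood: 1000 appends, file stays at 260 bytes */
    for (int i = 0; i < 1000; i++) rotary_append("emerg.log", "constructed message");
    printf("%ld bytes\n", rotary_size("emerg.log"));
    return 0;
}
```

Using one such file per log level, as the message suggests, keeps a flood at one level from evicting entries recorded at another.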
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199509071137.LAA09858>