cvs commit: src/usr.sbin/syslogd syslogd.8 syslogd.c
Pawel Jakub Dawidek
pjd at FreeBSD.org
Tue Mar 7 11:37:02 PST 2006
On Tue, Mar 07, 2006 at 02:08:43PM -0500, Garance A Drosehn wrote:
+> At 9:14 AM +0100 3/7/06, Pawel Jakub Dawidek wrote:
+> >On Mon, Mar 06, 2006 at 12:08:08PM -0500, John Baldwin wrote:
+> >+> Did you know about the -C option to newsyslog? newsyslog is a
+> >+> better tool for creating the log files since its config file
+> >+> can specify permissions (owner, group, chmod).
+> >I agree, but I didn't removed this functionality from the
+> >newsyslog(8). I wanted to have this simple functionality
+> >in syslogd(8) for a few small reasons:
+> >- I don't really buy that not creating log files is a security
+> > feature.
+> Creating them with the wrong group, wrong chmod bits, or not
+> including 'nosave' on logfiles which are expected to be
+> 'nosave' might be a problem.
That's why I choosen safe permissions.
I don't want it to replace newsyslog, I just want it to be handy.
I very often find myself adding all.log to syslog.conf, restarting
syslogd and realising that I forgot to create all.log file, so I need to
create the file (its faster than calling newsyslog and I don't want to
call it with -CC, that way I can avoid touching newsyslog.conf at all).
+> >- You don't always want newsyslog(8) (eg. on a embedded system).
+> You don't want to rotate logfiles on an embedded system?
Not always. On the system I had in mind we use our own script for this.
+> >- Its more handy to add new log file and just restart syslogd
+> > without any errors, instead of editing newsyslog.conf,
+> > executing newsyslogd -C and then restarting syslogd.
+> To use this new syslogd feature, you're going to have to add
+> that '-C' flag somewhere. And in /etc/defaults/rc.conf, we
+> already have:
+> newsyslog_enable="YES" # Run newsyslog at startup.
+> newsyslog_flags="-CN" # Newsyslog flags to create marked files
+> All you need to do is add a second '-C' to those newsyslog_flags,
+> and newsyslog will automatically create all log files which do
+> not exist. And if you're adding a new logfile to /etc/syslog.conf,
+> then it seems to is very likely that you will also want to add a
+> line to newsyslog.conf to rotate that log file.
I'll add -C when I add syslogd_flags to my rc.conf.
I don't like -CC. I also like to change one thing in one place.
Having newsyslog read syslog.conf and deciding based on this which files
are necessary will be more useful, but of course it will be messier
(newsyslog should not depend on other daemons configuration files).
Most usefull will be to have one configuration file for syslogd and
*.* /var/log/all.log 600 7 * @T00 J
security.* /var/log/security 600 10 100 * JC
And teach syslogd to create configuration files with proper
owner+permission on start.
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20060307/cb09012f/attachment.bin
More information about the cvs-src