newsyslog(8) patch for both size and time checks

Dmitry Morozovsky marck at
Wed May 13 07:45:39 UTC 2009

On Tue, 12 May 2009, Garance A Drosehn wrote:

GAD> > for now, if log is configured to be rotated in time manner, its size is
GAD> > not
GAD> > checked, so /var/log may be DoSed by some service (in our case, it was
GAD> > mad DHCP client which fills up our /var/log with dhcpd log; our
GAD> > newsyslog.conf
GAD> > line was
GAD> > 
GAD> > /var/log/dhcpd				640  5     5000	@T00	JC
GAD> > 
GAD> > The following simple patch should fix the problem. Any objection to
GAD> > commit
GAD> > this?
GAD> It would fix your problem, but it changes the behavior as is explicitly
GAD> documented in  'man newsyslog.conf' .  There is a paragraph in the man
GAD> page which makes it clear that if both fields are specified, then the
GAD> log file will only be rotated if both conditions are true.

Nope, there is statement about time/interval combination, and size is not 

== 8< ==
When both a time and an interval are specified then both conditions must be 
satisfied for the rotation to take place.
== 8< ==

Also, I can't find anything about expected behaviour in the standards...

GAD> I agree that newsyslog needs some way to specify an "either/or"
GAD> combination of those fields.  I believe I have some time to look into
GAD> changes to newsyslog right this week, so I'll see what is needed to
GAD> address this issue.

Thank you for looking into this.

D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer:                                 marck at ]
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck at ***

More information about the freebsd-current mailing list