Force newsyslog to rotate from custon script
JJB
Barbish3 at adelphia.net
Wed May 12 06:27:04 PDT 2004
Thanks for your reply
Both of your suggestions are good but have the same problem.
When the newsyslog command is run the rotate space trigger in
newsyslog.conf may or may not be met.
I need an return code or exit code from the newsyslog command to
check to tell if trigger was met and log really rotated.
Does newsyslog issue such codes and how would I code an csh script
to check for it?
Trying to for see an DOS attack targeted at consuming all the log
disk space in /var
-----Original Message-----
From: lowell at be-well.ilk.org [mailto:lowell at be-well.ilk.org]On
Behalf Of Lowell Gilbert
Sent: Wednesday, May 12, 2004 8:54 AM
To: Barbish3 at adelphia.net
Cc: freebsd-questions at FreeBSD. ORG
Subject: Re: Force newsyslog to rotate from custon script
"JJB" <Barbish3 at adelphia.net> writes:
> Problem description: My ipfilter log is rotated using
> newsyslog.conf. The file is rotated on file size option. I have
> custom script that reads the log and builds email containing list
of
> abusive source IP address. This custom script is included in the
> daily management report process. Problem is that on days that
there
> is a lot of blocked traffic the log may rotate multiple times and
my
> daily management report script only runs against the current
active
> log.
>
> Is their some way to keep the log defined in newsyslog.conf
without
> any rotate option and add something to my custom script to tell
> newsyslog to rotate the log after the script has processed the
> current active log file?
I would recommend a slightly different approach. Either of a couple
of different approaches, in fact...
One way to do this would be to use a separate config file for
newsyslog(8) rather than /etc/newsyslog.conf. Then you run
newsyslog
and use the -f option to have it use your special-purpose
configuration just for rotating this ipfilter log.
The other way would be to do the rotation directly, in your script
which processes the file. It should only take three or four
commands
in the script. That would let you more or less eliminate any race
conditions that might leave data out of your logs.
More information about the freebsd-questions
mailing list