Force newsyslog to rotate from custon script
freebsd-questions-local at be-well.ilk.org
Wed May 12 06:53:16 PDT 2004
> -----Original Message-----
> From: lowell at be-well.ilk.org [mailto:lowell at be-well.ilk.org]On
> Behalf Of Lowell Gilbert
> Sent: Wednesday, May 12, 2004 8:54 AM
> To: Barbish3 at adelphia.net
> Cc: freebsd-questions at FreeBSD. ORG
> Subject: Re: Force newsyslog to rotate from custon script
> "JJB" <Barbish3 at adelphia.net> writes:
> > Problem description: My ipfilter log is rotated using
> > newsyslog.conf. The file is rotated on file size option. I have
> > custom script that reads the log and builds email containing list
> > abusive source IP address. This custom script is included in the
> > daily management report process. Problem is that on days that
> > is a lot of blocked traffic the log may rotate multiple times and
> > daily management report script only runs against the current
> > log.
> > Is their some way to keep the log defined in newsyslog.conf
> > any rotate option and add something to my custom script to tell
> > newsyslog to rotate the log after the script has processed the
> > current active log file?
> I would recommend a slightly different approach. Either of a couple
> of different approaches, in fact...
> One way to do this would be to use a separate config file for
> newsyslog(8) rather than /etc/newsyslog.conf. Then you run
> and use the -f option to have it use your special-purpose
> configuration just for rotating this ipfilter log.
> The other way would be to do the rotation directly, in your script
> which processes the file. It should only take three or four
> in the script. That would let you more or less eliminate any race
> conditions that might leave data out of your logs.
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
"JJB" <Barbish3 at adelphia.net> writes:
> Thanks for your reply
> Both of your suggestions are good but have the same problem.
> When the newsyslog command is run the rotate space trigger in
> newsyslog.conf may or may not be met.
If your script does the rotation itself, it will know whether and when
the rotation occurred.
> I need an return code or exit code from the newsyslog command to
> check to tell if trigger was met and log really rotated.
> Does newsyslog issue such codes and how would I code an csh script
> to check for it?
That's not available; newsyslog is intended for handling multiple
files, which would make such an exit code indeterminate. You could
get fairly close by running newsyslog in verbose mode and parsing out
> Trying to for see an DOS attack targeted at consuming all the log
> disk space in /var
If you just put /var/log on its own filesystem, such an attack
wouldn't hurt you much even if it managed to fill up the filesystem.
More information about the freebsd-questions