chflag sappend /var/log/messages - syslog-ng can't rotate logs
fbsd.questions at rachie.is-a-geek.net
Mon Feb 4 17:40:35 UTC 2008
On Monday 04 February 2008 12:20:49 Michael K. Smith - Adhost wrote:
> I'm interested in making my messages file more likely to survive a hacking
> attempt and I've set the sappend flag to that end. It would be nice if
> syslog-ng could actually rotate the logfile since it gets quite large, but
> the sappend flag seems to prohibit that from happening. Is there any way
> to maintain the flag and allow syslog-ng to rotate the files?
Hmm, since there's no rotate command to be configured in syslog-ng, you could
maybe trick it, by letting a daemon clear the flag and put it back on on the
new file. However, it would defeat the purpose, since anyone able to send the
signal you specify to the daemon would clear the flag.
Best thing to do is take it out of syslog-ng rotation and use cron to rotate
it, using a customized script (which of course you the put noschg flag on,
once your satisfied).
Of course, you could also file a PR and request support for a custom rotate
command to be added to syslog-ng ;)
More information about the freebsd-questions