chflag sappend /var/log/messages - syslog-ng can't rotate logs

Mel fbsd.questions at
Mon Feb 4 17:40:35 UTC 2008

On Monday 04 February 2008 12:20:49 Michael K. Smith - Adhost wrote:

> I'm interested in making my messages file more likely to survive a hacking
> attempt and I've set the sappend flag to that end.  It would be nice if
> syslog-ng could actually rotate the logfile since it gets quite large, but
> the sappend flag seems to prohibit that from happening.  Is there any way
> to maintain the flag and allow syslog-ng to rotate the files?

Hmm, since there's no rotate command to be configured in syslog-ng, you could 
maybe trick it, by letting a daemon clear the flag and put it back on on the 
new file. However, it would defeat the purpose, since anyone able to send the 
signal you specify to the daemon would clear the flag.

Best thing to do is take it out of syslog-ng rotation and use cron to rotate 
it, using a customized script (which of course you the put noschg flag on, 
once your satisfied).

Of course, you could also file a PR and request support for a custom rotate 
command to be added to syslog-ng ;)

More information about the freebsd-questions mailing list