/var partition overflow (due to spyware?) in FreeBSD default install

Garance A Drosihn drosih at rpi.edu
Thu Oct 23 19:41:19 PDT 2003


At 6:41 PM -0600 10/23/03, Brett Glass wrote:
>At 06:01 PM 10/23/2003, Garance A Drosihn wrote:
>
>  > I do not think that the correct solution is to rotate
>  > the files at an even faster rate.
>
>Running newsyslog doesn't ALWAYS rotate the log

Uh, yeah, I know.  I'm the one who has been writing updates to
newsyslog for the past year.  I am pretty familiar with it.

What I meant was that in circumstances where "once per hour"
is not fast enough, then I do not believe the right solution
is to rotate files every five minutes.  Just MO.

The main point of my message was just to say that you're
going to cause other problems by running newsyslog so often,
so you need to come up with some better solution.

>  > Just how large is /var on the machine where you're
>  > seeing this problem?
>
>On the machine from which I took those messages, it's 256M.

Well, it is certainly a problem if you're getting enough
messages to fill that up that quickly.  From the details
you gave in your original message, it *may* be that the
thing to do is to change bind so:

sysquery: no addrs found for root NS (ns0.opennic.glue)
sysquery: no addrs found for root NS (ns1.opennic.glue)
sysquery: no addrs found for root NS (ns2.opennic.glue)

is collapsed into:
sysquery: no addrs found for root NS (ns*.opennic.glue)

and then syslogd's standard handling of "multiple lines"
would come into play.  Of course, that isn't really a
great solution either.

-- 
Garance Alistair Drosehn            =   gad at gilead.netel.rpi.edu
Senior Systems Programmer           or  gad at freebsd.org
Rensselaer Polytechnic Institute    or  drosih at rpi.edu
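
The interaction described in the message above between the rotating `ns0`/`ns1`/`ns2` lines and syslogd's repeat handling, as an added example that is not part of the original post and is not syslogd or bind code. It assumes a simplified model of syslogd (only a line identical to the immediately preceding one is suppressed, with no time-based flush), and `collapse_ns` is a hypothetical stand-in for the change to bind that the message proposes.

```python
import re


def syslogd_compress(messages):
    """Simplified model of syslogd's repeat suppression (an assumption, not
    syslogd source): a message is suppressed only when it is identical to
    the one immediately before it, and the count is written out as
    'last message repeated N times' when a different message arrives."""
    out = []
    prev = None
    repeats = 0
    for msg in messages:
        if msg == prev:
            repeats += 1
            continue
        if repeats:
            out.append(f"last message repeated {repeats} times")
        out.append(msg)
        prev, repeats = msg, 0
    if repeats:
        out.append(f"last message repeated {repeats} times")
    return out


# Hypothetical normalization: fold the numbered name server into "ns*",
# the collapsed form shown in the message.
NS_INDEX = re.compile(r"\(ns\d+\.")


def collapse_ns(msg):
    return NS_INDEX.sub("(ns*.", msg)


# Constructed sample: the three lines quoted in the message, cycling 100 times.
SAMPLE = [
    f"sysquery: no addrs found for root NS (ns{i % 3}.opennic.glue)"
    for i in range(300)
]


def lines_written(messages):
    """Number of lines that would reach the log file under /var."""
    return len(syslogd_compress(messages))


if __name__ == "__main__":
    print("as logged by bind:", lines_written(SAMPLE))
    print("after collapsing: ", lines_written([collapse_ns(m) for m in SAMPLE]))
```

Because the three messages alternate, no line ever matches its predecessor and every one of them is written; once they are collapsed to a single text, the whole run shrinks to one line plus a repeat count.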

