Hi all -- This is a long shot, but I thought I'd ask here.
I have a multiply-upgraded Debian "etch" box, which is also a log host (i.e. many other hosts log on it via the UDP port that syslog provides), and our policies regarding log retention have recently changed. My problem is that I can't figure out who is rotating /var/log/auth.log. It's currently being rotated every day, and retained for a week. I spent a lot of quality time today with the logrotate documentation, and I'm confident that it's not in any logrotate scripts. I also checked out the cron-driven log rotation that's done by the scripts that come with the sysklogd package, and that package seems to be set up to rotate it weekly -- this may be working, but never getting the chance, because the daily rotations are colliding with the weekly effort. I know that rsyslogd provides logrotate packages, many of my systems work that way, but this system does not have rsyslogd installed. There are also some residual syslog-ng scripts, but they don't appear to be active. What I *do* know is that whatever is rotating the auth logs is cron-triggered -- they all have 06:25 time-stamps, suggesting they're run from /etc/cron.daily somewhere. But I've looked at all those scripts, and none of them seem to do it. Possibly relevant is that this system is very old, and has been transplanted to new hardware several times -- I think it started out as Debian "potato", and has been steadily upgraded over the years, so it could be left-over functionality from some ancient package that's mucking things up. So, my specific question is, is there anything *else* besides logrotate or sysklogd scripts that can do log rotations? Some obscure cron thing that doesn't show up when I grep for "auth" or "log", because it's doing some kind of crazy pattern-matching thing? Thanks in advance... -- A. -- Andrew Reid / rei...@bellatlantic.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org