On Mon, 2012-03-19 at 09:30 +0000, Gleb Smirnoff wrote: > Author: glebius > Date: Mon Mar 19 09:30:40 2012 > New Revision: 233167 > URL: http://svn.freebsd.org/changeset/base/233167 > > Log: > Rotate auth.log and messages at the beginning of a year. Otherwise, > daily security checks 800.loginfail and 900.tcpwrap may produce > false positive alerts. > > Modified: > head/etc/newsyslog.conf > > Modified: head/etc/newsyslog.conf > ============================================================================== > --- head/etc/newsyslog.conf Mon Mar 19 08:10:23 2012 (r233166) > +++ head/etc/newsyslog.conf Mon Mar 19 09:30:40 2012 (r233167) > @@ -19,7 +19,7 @@ > # logfilename [owner:group] mode count size when flags > [/pid_file] [sig_num] > /var/log/all.log 600 7 * @T00 J > /var/log/amd.log 644 7 100 * J > -/var/log/auth.log 600 7 100 * JC > +/var/log/auth.log 600 7 100 @0101T JC > /var/log/console.log 600 5 100 * J > /var/log/cron 600 3 100 * JC > /var/log/daily.log 640 7 * @T00 JN > @@ -28,7 +28,7 @@ > /var/log/kerberos.log 600 7 100 * J > /var/log/lpd-errs 644 7 100 * JC > /var/log/maillog 640 7 * @T00 JC > -/var/log/messages 644 5 100 * JC > +/var/log/messages 644 5 100 @0101T JC > /var/log/monthly.log 640 12 * $M1D0 JN > /var/log/pflog 600 3 100 * JB > /var/run/pflogd.pid > /var/log/ppp.log root:network 640 3 100 * JC
This change may not behave exactly as you expect unless the patch in PR kern/160432 or something equivelent is commited. (It should have been bin/ not kern/, my bad.) http://www.freebsd.org/cgi/query-pr.cgi?pr=160432 To summarize, if both 'size' and 'when' are specified, the size is ignored and only the time is used. The patch in that PR fixes it. We've been running our embedded products with the patch for years because rotating based on size is important when /var/log is a ramdisk. -- Ian _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
