Subject: Re: yet another idea about /etc/security
From: Garance A Drosihn (drosih@rpi.edu)
Date: Sun Feb 06 2000 - 13:36:10 CST
- Next message: Robert Watson: "review: simple syslog.conf,newsyslog.conf patch with sample logging"
- Previous message: Matt Heckaman: "Re: yet another idea about /etc/security"
- In reply to: Garrett Wollman: "Re: yet another idea about /etc/security"
- Next in thread: Ed Bardsley: "Re: yet another idea about /etc/security"
- Reply: Garance A Drosihn: "Re: yet another idea about /etc/security"
At 8:04 PM -0500 2/5/00, Garrett Wollman wrote:
>Garance A Drosihn <drosih@rpi.edu> said:
>
> > I'll skip the solution suggested, since I am not comfortable
> > with some of the issues which it might run up against...
>
>I think the ``right'' solution is to simply specify that all
>syslog files get rotated daily, using an @T00 specification in
>newsyslog.conf, and if people want a longer history, they can
>easily specify the number of files in rotation.

This is not the solution I want for my systems. I set the
rotation times the way I did because that is what makes sense
for my systems. My logfile grows pretty slowly, such that
even when rotating once-a-month the file rarely gets above 20K.
It is silly, IMO, to rotate such files every day. The only
downside (for my machines) is the way the security scans work,
and even that isn't all that much of a problem. I'd rather
have one 20k file (gzip's to 3k) that keeps a fair amount of
history, than thirty 200-byte gzip'ed files to hold the same
information.

In a different message, Matt Heckaman wrote:
> If I recall right, a program in the security sections of
> ports (logcheck?) solves this problem by writing an offset
> to <log>.offset, then the next time it runs through the
> logs, it starts from that offset.
[program called logtail, in the logcheck port]

Hmm, this sounds interesting, and much less work than the
solution I was leaning towards. This is worth checking
into some more -- certainly before I tackle any elaborate
solutions based on MD5 digests! Thanks for the pointer.
---
Garance Alistair Drosehn     =  gadeclipse.acs.rpi.edu
Senior Systems Programmer    or drosih@rpi.edu
Rensselaer Polytechnic Institute
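
The offset approach described in the quoted message, sketched as an added example: this is not part of the original thread and is not logtail's own code. The function name, the JSON layout of the `<log>.offset` file and the rotation check (inode change or shrinking file) are assumptions of this sketch.

```python
import json
import os


def read_new_lines(log_path, state_path=None):
    """Return the lines appended to log_path since the previous call.

    State (inode + byte offset) is kept in <log>.offset; the JSON
    layout is this example's own choice.
    """
    state_path = state_path or log_path + ".offset"
    try:
        with open(state_path) as fh:
            state = json.load(fh)
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}

    st = os.stat(log_path)
    offset = state["offset"]
    # A different inode, or a file shorter than the saved offset, means the
    # log was rotated or truncated: start again from the beginning.
    if state["inode"] != st.st_ino or st.st_size < offset:
        offset = 0

    with open(log_path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    # Consume complete lines only; a partial last line waits for the next run.
    end = data.rfind(b"\n") + 1
    lines = data[:end].decode("utf-8", "replace").splitlines()

    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump({"inode": st.st_ino, "offset": offset + end}, fh)
    os.replace(tmp, state_path)  # atomic update of the state file
    return lines


if __name__ == "__main__":
    import tempfile
    log = os.path.join(tempfile.mkdtemp(), "messages")  # constructed sample log
    with open(log, "w") as fh:
        fh.write("Feb  6 13:00:01 host login: FAILED LOGIN (constructed)\n")
    print(read_new_lines(log))  # first run: the one constructed line
    print(read_new_lines(log))  # second run: nothing new
```

Lines written between the last run and a rotation end up only in the rotated file, so a scan that must not miss them also has to read the newest rotated copy.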