[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [[cobalt-security] RaQ3 syslogd 1.3-3: restart Normal?]

Subject: Re: [[cobalt-security] RaQ3 syslogd 1.3-3: restart Normal?]
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Date: Thu, 26 Apr 2001 06:05:22 +0200
Organization: Forumworld.com
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi Elf,

> It is abnormal to have the syslogd restart daily; unless your logs rotate
> on a daily basis. 

[Groan] For each opinion or suggestion you find a contradicting information 
on this list. 

I'm sorry, but what you state as fact is either plain wrong or based on 
assumptions which are not correct.

Logfiles rotate on the following basis (which will force syslog to be stopped 
and started):

a) Upon boot

b) By /etc/cron.daily

c) As defined in /etc/logrotate.conf

Point (c) is the most interesting. By default on a RaQ3 there is a generic 
size limit for logfiles, which is set to 1Meg. So if there are logs which are 
larger than 1Meg, then logrotate will shutdown syslog, zip the log up and 
will then restart syslog. 

See: "man syslog" for details. It is obvious that you haven't. ;o)

I have several very active opt-in mailing lists on my RaQ3 with hundrets of 
outgoing emails per hour. Imagine what this does to my /var/log/maillog and 
how often syslog is restarted on my machine per day. I haven't counted it, 
but it's more than three times for sure.


Mit freundlichen Grüßen / Best regards

Michael Stauber

References:
- Re: [[cobalt-security] RaQ3 syslogd 1.3-3: restart Normal?]
  - From: Elf

Prev by Date: [cobalt-security] Possible DoS attack or Hack ?
Next by Date: Re: [cobalt-security] RaQ3 syslogd 1.3-3: restart Normal?
Previous by thread: Re: [[cobalt-security] RaQ3 syslogd 1.3-3: restart Normal?]
Next by thread: Re: [[cobalt-security] RaQ3 syslogd 1.3-3: restart Normal?]

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index