[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [[cobalt-security] RaQ3 syslogd 1.3-3: restart Normal?]
- Subject: Re: [[cobalt-security] RaQ3 syslogd 1.3-3: restart Normal?]
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Thu, 26 Apr 2001 06:05:22 +0200
- Organization: Forumworld.com
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Elf,
> It is abnormal to have the syslogd restart daily; unless your logs rotate
> on a daily basis.
[Groan] For each opinion or suggestion you find a contradicting information
on this list.
I'm sorry, but what you state as fact is either plain wrong or based on
assumptions which are not correct.
Logfiles rotate on the following basis (which will force syslog to be stopped
and started):
a) Upon boot
b) By /etc/cron.daily
c) As defined in /etc/logrotate.conf
Point (c) is the most interesting. By default on a RaQ3 there is a generic
size limit for logfiles, which is set to 1Meg. So if there are logs which are
larger than 1Meg, then logrotate will shutdown syslog, zip the log up and
will then restart syslog.
See: "man syslog" for details. It is obvious that you haven't. ;o)
I have several very active opt-in mailing lists on my RaQ3 with hundrets of
outgoing emails per hour. Imagine what this does to my /var/log/maillog and
how often syslog is restarted on my machine per day. I haven't counted it,
but it's more than three times for sure.
Mit freundlichen Grüßen / Best regards
Michael Stauber