On Wed 13 Apr 05 19:59, Andrew Reilly <[EMAIL PROTECTED]> wrote: > I had an interesting experience, this morning. The nightly > security message from a CVS server machine that runs a version > of FreeBSD-4 had arrived, and it claimed that someone who hadn't > done any work for us for some considerable time had had three > failed login attempts, late that night. Curious. > > After much hunting around, and checking perimeter logs, it > turned out that nothing of the sort had happened. The security > log script had been fooled by the age of the messages.0.gz file, > which contained messages from more than a year ago. The search > pattern "$yesterday" doesn't contain a year, because log file > timestamps don't contain years. The log file was so old because > rotation is determined by size, and this machine simply doesn't > have much to log, despite being used daily. It never goes down, > and is basically completely stable.
Well, you could modify /etc/newsyslog.conf, where it says: /var/log/messages 600 14 100 * J change it to: /var/log/messages 600 14 * @T00 J This assumes you want 14 message logs, rotated once a day at midnight. Any message logs over 14 days will be deleted. man newsyslog.conf > This could be avoided, perhaps, with a NetBSD-style backup/diff > mechanism, or (incompatibly) with daemontools/multilog-style > 64-bit time stamps in the log files. It can be worked-around > by forcing faster log-file rotations, now that I know about > the problem. I can't think of a really good widely-applicable > solution, using the existing framework, though. I'm not quite sure what you mean. Do you want a way to have the timestamp record the year as well, so that you can keep the default setting? - jt _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
