HardenedBSD/usr.sbin/newsyslog/newsyslog.8
Thomas Graichen abf212be33 Obtained from: NetBSD
imported the newsyslog command from NetBSD - it make the "rotation" of
the logfiles much simpler (it is currently done by "hand" in the
/etc/[daily,weekly,monthly] scripts) - now it will be done by invoking
newsyslog every hour which is very customizable via a
/etc/newsyslog.conf file
1996-01-05 09:28:11 +00:00

169 lines
4.9 KiB
Groff

.TH NEWSYSLOG 8 "January 12, 1989" "Project Athena"
.ns
.\" This file contains changes from the Open Software Foundation.
.\"
.\" from: @(#)newsyslog.8
.\" $Id: newsyslog.8,v 1.6 1995/01/06 19:20:20 jtc Exp $
.\"
.\" Copyright 1988, 1989 by the Massachusetts Institute of Technology
.\"
.\" Permission to use, copy, modify, and distribute this software
.\" and its documentation for any purpose and without fee is
.\" hereby granted, provided that the above copyright notice
.\" appear in all copies and that both that copyright notice and
.\" this permission notice appear in supporting documentation,
.\" and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
.\" used in advertising or publicity pertaining to distribution
.\" of the software without specific, written prior permission.
.\" M.I.T. and the M.I.T. S.I.P.B. make no representations about
.\" the suitability of this software for any purpose. It is
.\" provided "as is" without express or implied warranty.
.\"
.sp
.SH NAME
newsyslog \- maintain system log files to manageable sizes
.SH SYNOPSIS
.B /usr/bin/newsyslog
[
.B \-vnr
] [
.B \-f
.I configuration file
]
.SH DESCRIPTION
.I Newsyslog
is a program that should be scheduled to run periodically by
.IR crontab .
When it is executed it archives log files if necessary. If a log file
is determined to require archiving,
.I newsyslog
rearranges the files so that ``logfile'' is empty, ``logfile.0'' has
the last period's logs in it, ``logfile.1'' has the next to last
period's logs in it, and so on, up to a user-specified number of
archived logs. Optionally the archived logs can be compressed to save
space.
.PP
A log can be archived because of two reasons. The log file can have
grown bigger than a preset size in kilobytes, or a preset number of
hours may have elapsed since the last log archive. The granularity of
.I newsyslog
is dependent on how often it is scheduled to run in crontab. Since
the program is quite fast, it may be scheduled to run every hour
without any ill effects.
.PP
When starting up,
.I newsyslog
reads in a configuration file to determine which logs should be looked
at. By default, this configuration file is
.IR /etc/newsyslog.conf .
Each line of the file contains information about a particular log file
that should be handled by
.IR newsyslog .
Each line has five mandatory fields and two optional fields, with a
whitespace separating each field. Blank lines or lines beginning with
``#'' are ignored. The fields of the configuration file are as
follows:
.br
logfile name
.br
owner.group of archives (optional)
.br
mode of logfile & archives
.br
number of archives
.br
size of archives
.br
archive interval
.br
flags (optional)
.PP
The
.I logfile name
entry is the name of the system log file to be archived.
.PP
The optional
.I owner.group
entry specifies an ownership and group for the archive file.
The "." is essential, even if the
.I owner
or
.I group
field is left blank. The
fields may be numeric, or a name which is looked up in
.I /etc/passwd
or
.IR /etc/group .
.PP
The
.I number of archives
entry specifies the number of archives to be kept besides the log file
itself.
.PP
When the size of the logfile reaches
.I size of
.IR archives ,
the logfile becomes trimmed as described above. If this field is
replaced by a ``*'', then the size of the logfile is not taken into
account when determining when to trim the log file.
.PP
The
.I number of hours
entry specifies the time separation between the trimming of the log
file. If this field is replaced by a ``*'', then the number of hours
since the last time the log was trimmed will not be taken into
consideration.
.PP
The
.I flags
field specifies if the archives should have any special processing
done to the archived log files. The ``Z'' flag will make the archive
files compressed to save space using /usr/bin/gzip. The ``B'' flag
means that the file is a binary file, and so the ascii message which
.I newsyslog
inserts to indicate the fact that the logs have been turned over
should not be included.
.PP
.SH OPTIONS
The following options can be used with newsyslog:
.TP
.B \-f \fIconfig-file
instructs newsyslog to use
.I config-file
instead of /etc/newsyslog.conf for its configuration file.
.TP
.B \-v
places
.I newsyslog
in verbose mode. In this mode it will print out each log and its
reasons for either trimming that log or skipping it.
.TP
.B \-n
causes
.I newsyslog
not to trim the logs, but to print out what it would do if this option
were not specified.
.TP
.B \-r
removes the restriction that
.I newsyslog
must be running as root. Of course,
.I newsyslog
will not be able to send a HUP signal to
.IR syslogd ,
so this option should only be used in debugging.
.SH FILES
/etc/newsyslog.conf
.SH BUGS
Doesn't yet automatically read the logs to find security breaches.
.SH AUTHOR
Theodore Ts'o, MIT Project Athena
.br
Copyright 1987, Massachusetts Institute of Technology
.SH "SEE ALSO"
syslogd(8), syslog(3), gzip(1)
.ns
.sp