mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-27 13:34:00 +01:00
abf212be33
imported the newsyslog command from NetBSD - it make the "rotation" of the logfiles much simpler (it is currently done by "hand" in the /etc/[daily,weekly,monthly] scripts) - now it will be done by invoking newsyslog every hour which is very customizable via a /etc/newsyslog.conf file
169 lines
4.9 KiB
Groff
169 lines
4.9 KiB
Groff
.TH NEWSYSLOG 8 "January 12, 1989" "Project Athena"
|
|
.ns
|
|
.\" This file contains changes from the Open Software Foundation.
|
|
.\"
|
|
.\" from: @(#)newsyslog.8
|
|
.\" $Id: newsyslog.8,v 1.6 1995/01/06 19:20:20 jtc Exp $
|
|
.\"
|
|
.\" Copyright 1988, 1989 by the Massachusetts Institute of Technology
|
|
.\"
|
|
.\" Permission to use, copy, modify, and distribute this software
|
|
.\" and its documentation for any purpose and without fee is
|
|
.\" hereby granted, provided that the above copyright notice
|
|
.\" appear in all copies and that both that copyright notice and
|
|
.\" this permission notice appear in supporting documentation,
|
|
.\" and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
|
|
.\" used in advertising or publicity pertaining to distribution
|
|
.\" of the software without specific, written prior permission.
|
|
.\" M.I.T. and the M.I.T. S.I.P.B. make no representations about
|
|
.\" the suitability of this software for any purpose. It is
|
|
.\" provided "as is" without express or implied warranty.
|
|
.\"
|
|
.sp
|
|
.SH NAME
|
|
newsyslog \- maintain system log files to manageable sizes
|
|
.SH SYNOPSIS
|
|
.B /usr/bin/newsyslog
|
|
[
|
|
.B \-vnr
|
|
] [
|
|
.B \-f
|
|
.I configuration file
|
|
]
|
|
.SH DESCRIPTION
|
|
.I Newsyslog
|
|
is a program that should be scheduled to run periodically by
|
|
.IR crontab .
|
|
When it is executed it archives log files if necessary. If a log file
|
|
is determined to require archiving,
|
|
.I newsyslog
|
|
rearranges the files so that ``logfile'' is empty, ``logfile.0'' has
|
|
the last period's logs in it, ``logfile.1'' has the next to last
|
|
period's logs in it, and so on, up to a user-specified number of
|
|
archived logs. Optionally the archived logs can be compressed to save
|
|
space.
|
|
.PP
|
|
A log can be archived because of two reasons. The log file can have
|
|
grown bigger than a preset size in kilobytes, or a preset number of
|
|
hours may have elapsed since the last log archive. The granularity of
|
|
.I newsyslog
|
|
is dependent on how often it is scheduled to run in crontab. Since
|
|
the program is quite fast, it may be scheduled to run every hour
|
|
without any ill effects.
|
|
.PP
|
|
When starting up,
|
|
.I newsyslog
|
|
reads in a configuration file to determine which logs should be looked
|
|
at. By default, this configuration file is
|
|
.IR /etc/newsyslog.conf .
|
|
Each line of the file contains information about a particular log file
|
|
that should be handled by
|
|
.IR newsyslog .
|
|
Each line has five mandatory fields and two optional fields, with a
|
|
whitespace separating each field. Blank lines or lines beginning with
|
|
``#'' are ignored. The fields of the configuration file are as
|
|
follows:
|
|
.br
|
|
logfile name
|
|
.br
|
|
owner.group of archives (optional)
|
|
.br
|
|
mode of logfile & archives
|
|
.br
|
|
number of archives
|
|
.br
|
|
size of archives
|
|
.br
|
|
archive interval
|
|
.br
|
|
flags (optional)
|
|
.PP
|
|
The
|
|
.I logfile name
|
|
entry is the name of the system log file to be archived.
|
|
.PP
|
|
The optional
|
|
.I owner.group
|
|
entry specifies an ownership and group for the archive file.
|
|
The "." is essential, even if the
|
|
.I owner
|
|
or
|
|
.I group
|
|
field is left blank. The
|
|
fields may be numeric, or a name which is looked up in
|
|
.I /etc/passwd
|
|
or
|
|
.IR /etc/group .
|
|
.PP
|
|
The
|
|
.I number of archives
|
|
entry specifies the number of archives to be kept besides the log file
|
|
itself.
|
|
.PP
|
|
When the size of the logfile reaches
|
|
.I size of
|
|
.IR archives ,
|
|
the logfile becomes trimmed as described above. If this field is
|
|
replaced by a ``*'', then the size of the logfile is not taken into
|
|
account when determining when to trim the log file.
|
|
.PP
|
|
The
|
|
.I number of hours
|
|
entry specifies the time separation between the trimming of the log
|
|
file. If this field is replaced by a ``*'', then the number of hours
|
|
since the last time the log was trimmed will not be taken into
|
|
consideration.
|
|
.PP
|
|
The
|
|
.I flags
|
|
field specifies if the archives should have any special processing
|
|
done to the archived log files. The ``Z'' flag will make the archive
|
|
files compressed to save space using /usr/bin/gzip. The ``B'' flag
|
|
means that the file is a binary file, and so the ascii message which
|
|
.I newsyslog
|
|
inserts to indicate the fact that the logs have been turned over
|
|
should not be included.
|
|
.PP
|
|
.SH OPTIONS
|
|
The following options can be used with newsyslog:
|
|
.TP
|
|
.B \-f \fIconfig-file
|
|
instructs newsyslog to use
|
|
.I config-file
|
|
instead of /etc/newsyslog.conf for its configuration file.
|
|
.TP
|
|
.B \-v
|
|
places
|
|
.I newsyslog
|
|
in verbose mode. In this mode it will print out each log and its
|
|
reasons for either trimming that log or skipping it.
|
|
.TP
|
|
.B \-n
|
|
causes
|
|
.I newsyslog
|
|
not to trim the logs, but to print out what it would do if this option
|
|
were not specified.
|
|
.TP
|
|
.B \-r
|
|
removes the restriction that
|
|
.I newsyslog
|
|
must be running as root. Of course,
|
|
.I newsyslog
|
|
will not be able to send a HUP signal to
|
|
.IR syslogd ,
|
|
so this option should only be used in debugging.
|
|
.SH FILES
|
|
/etc/newsyslog.conf
|
|
.SH BUGS
|
|
Doesn't yet automatically read the logs to find security breaches.
|
|
|
|
|
|
.SH AUTHOR
|
|
Theodore Ts'o, MIT Project Athena
|
|
.br
|
|
Copyright 1987, Massachusetts Institute of Technology
|
|
.SH "SEE ALSO"
|
|
syslogd(8), syslog(3), gzip(1)
|
|
.ns
|
|
.sp
|