Subject: Re: newsyslog and script execution instead of sending signal to process
To: Eric Haszlakiewicz <email@example.com>
From: Greg A. Woods <firstname.lastname@example.org>
Date: 07/16/2007 02:49:29
Content-Type: text/plain; charset=US-ASCII

At Sun, 15 Jul 2007 11:36:38 -0500, Eric Haszlakiewicz wrote:
> eh? How do you figure? If you're using newsyslog to rotate the logs
> for a program that needs a specialized restart procedure when the logs
> are rotated, then just moving them to a separate directory isn't going
> to do anything useful.

For example (there are probably thousands or more ways to do this --
here's just one) have cron invoke your script after newsyslog has
finished and have it look in the archive directory. As soon as a file
appears in that directory then gobble it up and when you're done
processing it move it off into the final "processed" archive directory
(or delete it or whatever). This doesn't require any special features
anywhere and it allows full separation of privilege (e.g. between the
logfile writer and the logfile processor) without any hassle or
significant risk whatsoever.

If your script safely can run with sufficient privileges to manipulate
the archived logfiles directly in the location where they are written to
then you don't even need the sub-directory archiving feature -- just
look for any new "archive" file (e.g. a *.0 file) and away you go.

It's extremely inelegant to have newsyslog invoking other programs,
never mind opening a whole new can of worms on the security front.

Greg A. Woods
H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <email@example.com>
Planix, Inc. <firstname.lastname@example.org> Secrets of the Weird <email@example.com>
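
The cron-driven sweep described in the message above, as an added example that is not part of the original post and not code from newsyslog or its authors. The function names, the two directory arguments, the `.lock` directory and the line-counting handler are all assumptions made for illustration; it assumes cron starts the job as an unprivileged user after newsyslog has finished.

```sh
#!/bin/sh
# Added example, not from the original message. Run from cron as an
# unprivileged "processor" user that owns neither the live logs nor the
# daemon writing them. All names below are hypothetical.

# Hypothetical per-file handler: prints the line count of one archive.
# Replace the body with the real processing step.
process_one() {
    wc -l < "$1" | tr -d ' '
}

# sweep_archive ARCHIVE_DIR DONE_DIR
# Handles each regular file found in ARCHIVE_DIR once, then renames it
# into DONE_DIR. Prints the number of files handled.
sweep_archive() {
    archive=$1
    done_dir=$2
    count=0
    # mkdir is atomic, so an overlapping cron run backs off here instead
    # of processing the same file twice. A lock left behind by a killed
    # run has to be removed by the operator.
    mkdir "$archive/.lock" 2>/dev/null || { echo 0; return 0; }
    for f in "$archive"/*; do
        # Regular files only. [ -f ] follows symlinks, so test -L as
        # well: whoever can write to the archive directory must not be
        # able to point this job at files outside it.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Move only after processing succeeded, so a failed file stays
        # in place and is retried on the next run.
        if process_one "$f" >/dev/null; then
            mv -- "$f" "$done_dir/" && count=$((count + 1))
        fi
    done
    rmdir "$archive/.lock"
    echo "$count"
}

# Stand-alone use: sweep.sh /path/to/archive /path/to/processed
if [ $# -eq 2 ]; then
    sweep_archive "$1" "$2"
fi
```

Keeping both directories on the same filesystem makes the final `mv` a rename, so a file is never visible half-copied in the processed directory.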