On Sun, Feb 11, 2001 at 11:43:26AM -0700, Erik Huizing wrote:
> If you look in /etc/newsyslog.conf, /var/log/messages gets trimmed once it
> reaches a certain size. By default, this is 30K. 

That's probably a bad example, and can actually be abused by the
spamming example. After 7 hours of the job running, and 7 iterations
of newsyslog from cron, you'll lose any of the log messages before
then.

I don't use newsyslog because I dislike the format of the rotated
filenames (foo, foo.0.gz, foo.1.gz, ....), amongst other things.
That's why I wrote logrot (c.f sysutils/logrot in pkgsrc), which I run
out of cron weekly with an entry like:
	0 6 * * 3 cd /var/log ; logrot -d old -c auth authpriv cron daemon ftp kern local0 local1 local2 local3 local4 local5 local6 local7 lpr mail news syslog user uucp

(I have separate files for separate facilities; see
/usr/share/examples/syslogd/all.debug)

Also note that syslog coalesces multiple identical messages into one
log message. This can easily be defeated, but does reduce the impact
of the second issue highlighted below.


> On Sun, 11 Feb 2001 wojtek@wojtek.from.pl wrote:
> > a) logger -t su "wojtek to root on /dev/ttyp7"
> > add -p to select the same logfile that normal su does (i have 1 logfile
> > for everything)
> > 
> > b) while true;do echo zzzzzzzzzzzzzzzzzzzzzzzzzzzzz|logger ;done
> > 
> > and pollute logfiles

-- 
Luke Mewburn  <lukem@wasabisystems.com>  http://www.wasabisystems.com
Luke Mewburn     <lukem@netbsd.org>      http://www.netbsd.org
Wasabi Systems - providing NetBSD sales, support and service.