Menu
▾
▴
Re: [SSHGuard-users] sshguard restart loop when using syslogd
|
From: Peter B. <be...@an...> - 2016-05-10 19:08:05
|
Could you not adjust the size at which the log is rotated to avoid such
chopping?
Doing my own little test, this succeeded at rotating safely at 10 entries
per second being written:
cp auth.log auth.log.2 && cat /dev/null > auth.log
I had one process going writing a new entry to auth.log every 0.1 seconds
(10 per second), to ensure that I didn't lose any log entries during this
process.
What this does:
* copies all of the data from auth.log to auth.log.2, even while
auth.log is being written, the data is copied
* As soon as the copy completes, it truncates auth.log (unless the
copy fails, then it doesn't)
Now you (a) don't have to HUP any processes writing to auth.log, and (b)
don't lose any log entries due to timing issues.
Theoretically you could lose a few log lines depending on how loaded your
system is, but I lost ZERO log entries at 10 per second.
So again, I say, for the lot of you who are fussy about your log file sizes
for whatever reason, Why not rotate your logs?
Between newsyslog and writing your own if newsyslog doesn't have enough
knobs to meet your unique needs, I don't see how sshguard needs to be
rewritten to meet your needs.
Beckman
On Tue, 10 May 2016, li...@la... wrote:
> On Tue, 10 May 2016 10:04:57 -0400
> Peter Beckman <be...@an...> wrote:
>
>> Why not add your IP(s) to the whitelist? Did you fail to login
>> successfully many times in the past few years?
>>
>> Why not rotate your auth.log?
>>
>> Why not run newsyslog manually once to rotate initially?
>>
>> To me this isn't a bug, more of a "it doesn't work the way I want"
>> for some reasons that seem to be fairly easy to rememdy.
>>
>> Beckman
>>
>
>> ---------------------------------------------------------------------------
>
> Checking my /var/log, it appears that once you put a file into
> newsyslog, it will chop it up into compressed files with
> one "operating" file at the appropriate rotation time. That is, my
> maillog, which I recently added to newsyslog, was chopped into 6 files
> when the rotation time came around.
>
>
---------------------------------------------------------------------------
Peter Beckman Internet Guy
be...@an... http://www.angryox.com/
---------------------------------------------------------------------------
|
