syslog doesn't log after rotation
dear suse security team, on my standard suse 6.3 internet server, i have to do "/sbin/init.d/syslog reload" after any log rotation. if i don't restart it, syslog will not write to the new log files. this is a security issue, as i cannot track security problems without log entries. i already sent this as a bug report to suse a long time ago but never got any response. what can i do? regards, michael balzer -- b&b computersysteme * kämperheide 10 * 58285 gevelsberg * germany fon +49 2333 913924 * fax +49 2333 913925 * http://www.bbcomp.de
Hi, On Thu, 16 Mar 2000, Michael Balzer wrote:
dear suse security team,
on my standard suse 6.3 internet server, i have to do "/sbin/init.d/syslog reload" after any log rotation. if i don't restart it, syslog will not write to the new log files.
this is a security issue, as i cannot track security problems without log entries.
i already sent this as a bug report to suse a long time ago but never got any response. what can i do?
Sorry about that. Please update the package aaa_base, which can be found at ftp://ftp.suse.com/pub/suse/i386/update/6.3/a1/aaa_base.rpm This package contains a fix for this problem. Bye, LenZ -- ------------------------------------------------------------------ Lenz Grimmer SuSE GmbH mailto:grimmer@suse.de Schanzaeckerstr. 10 http://www.suse.de/~grimmer 90443 Nuernberg, Germany
Hi there!
dear suse security team,
on my standard suse 6.3 internet server, i have to do "/sbin/init.d/syslog reload" after any log rotation. if i don't restart it, syslog will not write to the new log files.
I'm not one of the SuSE-team, but I had the same problem and found a solution... There is a file called /etc/logfiles and if you change the lines which have to do with syslogd like this...: # # This file tells cron.daily, which log files have to be watched # # File max size mode ownership service # (reload if changed) ... /var/log/mail +4096k 640 root.root syslog /var/log/messages +4096k 640 root.root syslog ... ...the syslog-Daemon is restarted after log rotation. Hope this helps, Michael
Hi, I was out of office for 4 weeks.. so, I don't know if this problem still exists.
ago but never got any response. what can i do?
The rotate script should send a HUP signal to the syslog daemon after the rotate completes. Just add the following line to the end of the script. kill -HUP `cat /var/run/syslogd.pid` Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
On Tue, 18 Apr 2000, Thomas Biege wrote:
Just add the following line to the end of the script.
kill -HUP `cat /var/run/syslogd.pid`
I've seen this type of thing suggested alot, is there a reason this is better than: killall -HUP syslogd It seems to me that killall is less complicated (doesn't use the special quote mark things). /cog
kill -HUP `cat /var/run/syslogd.pid`
I've seen this type of thing suggested alot, is there a reason this is better than: killall -HUP syslogd
no, there is no reason.
It seems to me that killall is less complicated (doesn't use the special quote mark things).
/cog
Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
On Tue, 18 Apr 2000, Thomas Biege wrote:
kill -HUP `cat /var/run/syslogd.pid`
I've seen this type of thing suggested alot, is there a reason this is better than: killall -HUP syslogd
no, there is no reason.
It was suggested offlist that using the kill one would prevent unwanted SIGHUPage of other processes called syslogd, and this sounds a viable one, although it was possibly shortsighted of the person who decided to call their process syslogd. /cog
kill -HUP `cat /var/run/syslogd.pid`
I've seen this type of thing suggested alot, is there a reason this is better than: killall -HUP syslogd
no, there is no reason.
It was suggested offlist that using the kill one would prevent unwanted SIGHUPage of other processes called syslogd, and this sounds a viable one, although it was possibly shortsighted of the person who decided to call their process syslogd.
/cog
Since you can rely on /var/run/syslogd.pid to contain the current pid of syslogd, the kill method is safe. Also keep in mind that kill is a shell builtin, killall is not (and may not be installed). Granted, this doesn't really have an impact, but it is an aspect. Roman. -- _ _ | Roman Drahtmüller "Freedom means that you can choose | CC University of Freiburg what you want to learn at a given | email: draht@uni-freiburg.de time." A. Becker, 1999 | - - People often find it easier to be a result of the past than a cause of the future.
participants (6)
-
cogNiTioN -
Lenz Grimmer -
Michael Balzer -
Michael Dirska -
Roman Drahtmueller -
Thomas Biege