dear suse security team,
on my standard suse 6.3 internet server, i have to do "/sbin/init.d/syslog reload" after any log rotation. if i don't restart it, syslog will not write to the new log files.
this is a security issue, as i cannot track security problems without log entries.
i already sent this as a bug report to suse a long time ago but never got any response. what can i do?
regards, michael balzer -- b&b computersysteme * kämperheide 10 * 58285 gevelsberg * germany fon +49 2333 913924 * fax +49 2333 913925 * http://www.bbcomp.de
Hi,
On Thu, 16 Mar 2000, Michael Balzer wrote:
dear suse security team,
on my standard suse 6.3 internet server, i have to do "/sbin/init.d/syslog reload" after any log rotation. if i don't restart it, syslog will not write to the new log files.
this is a security issue, as i cannot track security problems without log entries.
i already sent this as a bug report to suse a long time ago but never got any response. what can i do?
Sorry about that. Please update the package aaa_base, which can be found at ftp://ftp.suse.com/pub/suse/i386/update/6.3/a1/aaa_base.rpm
This package contains a fix for this problem.
Bye, LenZ
Hi there!
dear suse security team,
on my standard suse 6.3 internet server, i have to do "/sbin/init.d/syslog reload" after any log rotation. if i don't restart it, syslog will not write to the new log files.
I'm not one of the SuSE-team, but I had the same problem and found a solution...
There is a file called /etc/logfiles and if you change the lines which have to do with syslogd like this...:
#
# This file tells cron.daily, which log files have to be watched
#
# File                max size  mode  ownership  service
#                                                (reload if changed)
...
/var/log/mail         +4096k    640   root.root  syslog
/var/log/messages     +4096k    640   root.root  syslog
...
...the syslog-Daemon is restarted after log rotation.
Hope this helps,
Michael
Hi, I was out of office for 4 weeks.. so, I don't know if this problem still exists.
ago but never got any response. what can i do?
The rotate script should send a HUP signal to the syslog daemon after the rotate completes. Just add the following line to the end of the script.
kill -HUP `cat /var/run/syslogd.pid`
Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
On Tue, 18 Apr 2000, Thomas Biege wrote:
Just add the following line to the end of the script.
kill -HUP `cat /var/run/syslogd.pid`
I've seen this type of thing suggested a lot, is there a reason this is better than: killall -HUP syslogd
It seems to me that killall is less complicated (doesn't use the special quote mark things).
/cog
kill -HUP `cat /var/run/syslogd.pid`
I've seen this type of thing suggested a lot, is there a reason this is better than: killall -HUP syslogd
no, there is no reason.
It seems to me that killall is less complicated (doesn't use the special quote mark things).
/cog
Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
On Tue, 18 Apr 2000, Thomas Biege wrote:
kill -HUP `cat /var/run/syslogd.pid`
I've seen this type of thing suggested a lot, is there a reason this is better than: killall -HUP syslogd
no, there is no reason.
It was suggested offlist that using the kill one would prevent unwanted SIGHUPage of other processes called syslogd, and this sounds a viable one, although it was possibly shortsighted of the person who decided to call their process syslogd.
/cog
kill -HUP `cat /var/run/syslogd.pid`
I've seen this type of thing suggested a lot, is there a reason this is better than: killall -HUP syslogd
no, there is no reason.
It was suggested offlist that using the kill one would prevent unwanted SIGHUPage of other processes called syslogd, and this sounds a viable one, although it was possibly shortsighted of the person who decided to call their process syslogd.
/cog
Since you can rely on /var/run/syslogd.pid to contain the current pid of syslogd, the kill method is safe. Also keep in mind that kill is a shell builtin, killall is not (and may not be installed). Granted, this doesn't really have an impact, but it is an aspect.
Roman.
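The pid-file reload discussed in this thread, written out with the checks a rotate script would want before it signals anything. This is an added example, not code from any poster or from SuSE's rotate script; the function names and return codes are assumptions made for the example. It signals only the pid in the file (the point made against killall) and also refuses a stale or reused pid.

```shell
#!/bin/sh
# Added example (not from the thread): send SIGHUP to the daemon named in a
# pid file only after checking that the pid is live and has the expected name.
# Return codes (chosen for this example):
#   0 signalled   1 pid file unreadable   2 content is not a usable pid
#   3 no such process (stale pid file)    4 process name does not match

# Print the command name of pid $1: /proc on Linux, ps elsewhere.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    else
        ps -p "$1" -o comm= 2>/dev/null
    fi
}

# reload_from_pidfile PIDFILE EXPECTED_NAME [SIGNAL]
reload_from_pidfile() {
    pidfile=$1
    expected=$2
    sig=${3:-HUP}

    [ -r "$pidfile" ] || return 1

    # Take the first line only; accept a file without a trailing newline.
    pid=
    IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 2

    # Digits only, and never 0 (the caller's process group) or 1 (init).
    case $pid in
        '' | *[!0-9]*) return 2 ;;
    esac
    [ "$pid" -gt 1 ] || return 2

    # Signal 0 tests for existence without delivering anything.
    kill -0 "$pid" 2>/dev/null || return 3

    # Guard against pid reuse: a stale file may now point at another program.
    name=$(proc_name "$pid")
    [ "${name##*/}" = "$expected" ] || return 4

    kill -s "$sig" "$pid"
}

# Intended use at the end of a rotate script:
#   reload_from_pidfile /var/run/syslogd.pid syslogd || echo "syslogd not reloaded" >&2
```

A non-zero return means syslogd was not told to reopen its files, which is the silent logging gap the original report describes, so the rotate job should report it instead of discarding it.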