Posted on 04-30-2012 06:26 AM
I'm looking for a programmatic way to update the newsyslog.conf. I would like to update the counts for secure.log and system.log to 30. The current counts are 5 and 7 (see below). To date the only thing we have found is to use the sed command. However, that gets a bit messy b/c of the tabs within the file and the way the sed command(s) handle them. Is there a better way to modify this entry?
/var/log/secure.log 640 5
/var/log/system.log 640 7
Posted on 04-30-2012 06:31 AM
Here is a Perl sub to do it...
use Sys::Syslog;    # provides syslog()

# $progname is expected to be set by the enclosing script.
sub setLogRetention {
    my $firstbootArgs = shift;
    my $securelog = $$firstbootArgs{securelog};
    my $systemlog = $$firstbootArgs{systemlog};
    my $conf = "/private/etc/newsyslog.conf";
    my $newconf = "/private/etc/newsyslog.conf.new";
    if (($securelog) || ($systemlog)) {
        syslog('notice', "change log retention period\n");
        open SLOLD, $conf or die "$progname:$conf: $!\n";
        open SLNEW, ">$newconf" or die "$progname:$newconf: $!\n";
        while (<SLOLD>) {
            # Replace the stock count (5 or 7) on the matching log line.
            s/5/$securelog/ if ((/secure\.log/) && $securelog);
            s/7/$systemlog/ if ((/system\.log/) && $systemlog);
            print SLNEW;
        }
        # Close both handles so the new file is flushed before it is swapped in.
        close SLOLD;
        close SLNEW;
        system("mv $newconf $conf");
    }
    return;
}
Posted on 04-30-2012 06:41 AM
You should be able to look for the 5 and replace it with your number and not have to mess with the tabs with sed. Something like this, knowing that the only 7 in the file is for the system.log file...
sed 's/7/30/' newsyslog.conf
# configuration file for newsyslog
# $FreeBSD: /repoman/r/ncvs/src/etc/newsyslog.conf,v 1.50 2005/03/02 00:40:55 brooks Exp $
#
# Entries which do not specify the '/pid_file' field will cause the
# syslogd process to be signalled when that log file is rotated. This
# action is only appropriate for log files which are written to by the
# syslogd process (ie, files listed in /etc/syslog.conf). If there
# is no process which needs to be signalled when a given log file is
# rotated, then the entry for that file should include the 'N' flag.
#
# The 'flags' field is one or more of the letters: BCGJNUWZ or a '-'.
#
# Note: some sites will want to select more restrictive protections than the
# defaults. In particular, it may be desirable to switch many of the 644
# entries to 640 or 600. For example, some sites will consider the
# contents of maillog, messages, and lpd-errs to be confidential. In the
# future, these defaults may change to more conservative ones.
#
# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
/var/log/appfirewall.log 640 5 1000 J
/var/log/ftp.log 640 5 1000 J
/var/log/hwmond.log 640 5 1000 J
/var/log/install.log 640 5 1000 J
/var/log/ipfw.log 640 5 1000 J
/var/log/lookupd.log 640 5 1000 J
/var/log/lpr.log 640 5 1000 J
/var/log/mail.log 640 5 1000 J
/var/log/ppp.log 640 5 1000 J
/var/log/secure.log 640 5 1000 J
/var/log/system.log 640 30 @T00 J
/var/log/wtmp 644 3 @01T05 B
Posted on 04-30-2012 06:52 AM
Thanks so much for the quick reply! It is much appreciated. Do you know how to do this using a shell script?
Thanks again.
Posted on 04-30-2012 07:07 AM
Might not be the most elegant way of doing it but...
# Copy every entry except the two being changed (the pattern must be quoted)
egrep -v 'secure\.log|system\.log' newsyslog.conf > new.newsyslog.conf
# Append the replacement entries with a count of 30
awk '/secure\.log/{print "/var/log/secure.log 640 30 @T01T05 J"}' newsyslog.conf >> new.newsyslog.conf
awk '/system\.log/{print "/var/log/system.log 640 30 @T00 J"}' newsyslog.conf >> new.newsyslog.conf
cp new.newsyslog.conf newsyslog.conf
Posted on 04-30-2012 09:08 AM
Hi Andy - Below is another option for you....
#!/bin/bash
# Set the field separator to a newline
IFS=$'\n'
rm -f /private/etc/newsyslog2.conf
sleep 1
# Loop through the file
for line in `cat /private/etc/newsyslog.conf`;do
# Echo the line (echo could be changed to whatever command you want)
if (echo $line | grep system.log); then
system=$(echo $line | grep system.log | sed -e 's/7/30/g')
echo $system >> /private/etc/newsyslog2.conf
sleep .1
elif (echo $line | grep secure.log); then
secure=$(echo $line | grep secure.log | sed -e 's/5/30/g')
echo $secure >> /private/etc/newsyslog2.conf
sleep .1
else
echo $line >> /private/etc/newsyslog2.conf
sleep .1
fi
done
cp /private/etc/newsyslog2.conf /private/etc/newsyslog.conf
rm -f /private/etc/newsyslog2.conf
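Added example, not part of the original thread: the replies above substitute the old value (5 or 7), so they depend on the file still holding its stock counts. The sketch below instead rewrites the count column by position, following the `logfilename [owner:group] mode count ...` layout given in the file header, and keeps the existing tabs. The function names `set_log_count` and `update_log_count` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Field layout, from the file header:
#   logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]

# set_log_count CONF COUNT LOGFILE...   prints the rewritten config on stdout
set_log_count() {
    conf=$1; count=$2; shift 2
    # Accept only a plain number, so nothing else can reach the config.
    case $count in ''|*[!0-9]*) echo "count must be numeric" >&2; return 2 ;; esac
    awk -v count="$count" -v targets="$*" '
        BEGIN { n = split(targets, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
        # Comments, blank lines and entries for other logs pass through unchanged.
        /^[ \t]*(#|$)/ || !($1 in want) { print; next }
        {
            # count is field 3, or field 4 when the optional owner:group is present
            f = ($2 ~ /:/) ? 4 : 3
            if (NF < f) { print; next }          # malformed entry: leave it alone
            rest = $0; out = ""
            # Copy the fields before count together with their original tabs/spaces.
            for (i = 1; i < f; i++) {
                match(rest, /^[ \t]*[^ \t]+/)
                out = out substr(rest, 1, RLENGTH); rest = substr(rest, RLENGTH + 1)
            }
            match(rest, /^[ \t]*/)
            out = out substr(rest, 1, RLENGTH); rest = substr(rest, RLENGTH + 1)
            sub(/^[^ \t]+/, count, rest)         # replace the count, whatever it was
            print out rest
        }
    ' "$conf"
}

# update_log_count CONF COUNT LOGFILE...   edits CONF in place through a temp file
update_log_count() {
    conf=$1
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # cp -p first, so the temp file carries the original mode and owner.
    if cp -p "$conf" "$tmp" && set_log_count "$@" > "$tmp"; then
        mv "$tmp" "$conf"    # rename inside one directory: no half-written config
    else
        rm -f "$tmp"; return 1
    fi
}

# Usage, as root, with the path used in the thread:
#   update_log_count /private/etc/newsyslog.conf 30 /var/log/secure.log /var/log/system.log
```

Running `newsyslog -nv` afterwards shows what newsyslog would do with the edited file without rotating anything.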
Posted on 04-30-2012 10:14 AM
Thanks to both of you! This was extremely helpful and works perfectly.