Strange log-rotate problem
Hi all --
This is a long shot, but I thought I'd ask here.
I have a multiply-upgraded Debian "etch" box, which is also a log
host (i.e. many other hosts log on it via the UDP port that syslog provides),
and our policies regarding log retention have recently changed.
My problem is that I can't figure out who is rotating /var/log/auth.log.
It's currently being rotated every day, and retained for a week.
I spent a lot of quality time today with the logrotate documentation,
and I'm confident that it's not in any logrotate scripts.
I also checked out the cron-driven log rotation that's done by the
scripts that come with the sysklogd package, and that package seems to
be set up to rotate it weekly -- this may be working, but never getting
the chance, because the daily rotations are colliding with the weekly
effort.
I know that rsyslogd provides logrotate packages, many of my systems
work that way, but this system does not have rsyslogd installed.
There are also some residual syslog-ng scripts, but they don't
appear to be active.
What I *do* know is that whatever is rotating the auth logs is
cron-triggered -- they all have 06:25 time-stamps, suggesting they're
run from /etc/cron.daily somewhere.
But I've looked at all those scripts, and none of them seem to
do it.
Possibly relevant is that this system is very old, and has been
transplanted to new hardware several times -- I think it started out
as Debian "potato", and has been steadily upgraded over the years, so
it could be left-over functionality from some ancient package that's
mucking things up.
So, my specific question is, is there anything *else* besides logrotate
or sysklogd scripts that can do log rotations? Some obscure cron thing
that doesn't show up when I grep for "auth" or "log", because it's doing
some kind of crazy pattern-matching thing?
Thanks in advance...
-- A.
--
Andrew Reid / reidac@bellatlantic.net
Reply to: