unixninja: FreeBSD Logfile Management

FreeBSD Logfile Management

Here's an example of the syslog and newsyslog configuration I use on my firewall/webserver/webcache(squid)/mailserver/etc (hostname insomnia).

In /etc/rc.conf, I have...


syslogd_enable="YES"                       # Run syslog daemon (or NO).
syslogd_program="/usr/sbin/syslogd"        # path to syslogd, if you want a different one.
syslogd_flags="-ss -vv -m 5 -c"            # Flags to syslogd (if enabled).

/etc/syslog.conf and /etc/newsyslog.conf configurations.

Note that I've copied /etc/defaults/periodic.conf to /etc/periodic.conf, and modified four lines as shown below. This causes the periodic output (launched via cron) to report to a local filesystem, and not send email to root. Ensure that the /log/periodic directory, or wherever you point the output to, exists.

daily_output="/log/periodic/daily.log"                               # user or /file
daily_status_security_output="/log/periodic/security.log"            # user or /file
weekly_output="/log/periodic/weekly.log"                             # user or /file
monthly_output="/log/periodic/monthly.log"                           # user or /file

And finally, there's a little script I wrote to automagically create the logfiles and fix their permissions and ownership. I usually place it in the /etc directory.

/etc/log.sh - place it in your /etc directory and run...

cd /etc
chmod +x log.sh
./log.sh

It will process both /etc/syslog.conf and /etc/newsyslog.conf, creating files and updating permissions (chmod) and ownership (chown/chgrp) as necessary.

Return to tips+howtos.