[rbldnsd] OT: Advise needed on what RBL operators supposed to do with logs

[Jon Lewis]

On Sun, 25 Sep 2005, William Leibzon wrote:

> In general I'm one of those people who has hard time getting rid of old staff 
> (yes, my office is a mess) and I keep copies of all logs on the
> unix systems just in case too - which is not that unusual since I'm also
> into security and you never know when it might come in handy month later...

You keep old staff in your office?  We generally let ex-staff go their own 
way.  Your office must really be a mess :)

> I guess this is the case where I have to realize that not everything
> is worth saving.... I'll start deleting all logs after 5 days now

Other option would be to start buying the biggest firewire drives you can 
get, and start stringing them together from the server...but I doubt the 
logs are that valuable.

A nice trick for logging (got this from MJT...don't know if its in the man 
page or a faq somewhere) is to setup logging to a file that's actually a 
directory.  rbldnsd will see that it can't open the "file" and not log. 
If at some point you want logging, rmdir or mv the directory, send rbldnsd 
SIGHUP, and you'll start getting logs without having to stop/start 
rbldnsd.  You can reverse those steps to turn logging off.

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                | 
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________