- Copy stable/10 (r259064) to releng/10.0 as part of the
10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1

[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so
start releng/10.0 at '100' so the branch is started with
a value ending in zero.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Add syslog(3) support to devd(8).

sbin/devd/devd.cc
All output will now go to syslog(3) if devd is daemonized, or stderr
if it's running in the foreground.

sbin/devd/devd.8
Remove the "-D" flag. Filtering messages by priority now
happens in the usual syslog way. For performance reasons, a few
extra-verbose debugging statements are now conditional on the "-d" (do
not daemonize) flag.

etc/syslog.conf
etc/newsyslog.conf
Direct messages from devd(8) to /var/log/devd.log, but leave it
disabled by default

Reviewed by: eadler
Approved by: gibbs (co-mentor)
MFC after: never (removed a command-line option from devd)

Revert r250565 which causes issues for older CPUs

PR: conf/178504
Requested by: many

Make newsyslog compress logs with xz instead of bzip2 to save space.

PR: conf/178504
Submitted by: ak
Reviewed by: smh

Don't reload syslogd after rotating sendmail.st, as this file isn't
managed by syslogd.

PR: conf/169973
Approved by: rstone (co-mentor)
MFC after: 1 week

Fix typo in weekly line which made it to rotated after reaching > 1 Kb.

PR: conf/173857
Submitted by: Matt Smith <matt xtaz.co.uk>

Rotate auth.log and messages at the beginning of a year. Otherwise,
daily security checks 800.loginfail and 900.tcpwrap may produce
false positive alerts.

Make init(8) slightly more robust when /dev/console is missing.

If the environment doesn't offer a working /dev/console, the existing
version of init(8) will simply refuse running rc(8) scripts. This means
you'll only have a system running init(8) and nothing else.

Change the code to do the following:

- Open /dev/console like we used to do, but make it more robust to use
O_NONBLOCK to prevent blocking on a carrier.
- If this fails, use /dev/null as stdin and /var/log/init.log as stdout
and stderr.
- If even this fails, use /dev/null as stdin, stdout and stderr.

So why us this useful? Well, if you remove the `getpid() == 1' check in
main(), you can now use init(8) inside jails to properly execute rc(8).
It still requires some polishing, as existing tools assume init(8) has
PID 1.

Also it is now possible to use use init(8) on `headless' devices that
don't even have a serial boot console.

Updated `flags' field description.

Let rc and periodic infrastructure and newsyslog use the utmpx files.

The slip.log file got removed along with the MPSAFE tty work. If slip
does ever come back it's probably best if its log file be something that
gets added if the user decided they want to run slip instead of having
it here unconditionally.

Remove the C flag from slip.log. The current slip userbase does not
justify the presence of a (usually empty) /var/log/slip.log on every
FreeBSD box.

- Update etc/rc.d/newsyslog to FreeBSD standards and install it.
- Enable it by default, running newsyslog with -CN which creates files
that have the C flag specified in /etc/newsyslog.conf.
- Remove the "newsyslog -CC" call from etc/rc.d/var and the check for
newsyslog.
- Add the C flag to entries in /etc/newsyslog.conf that are currently
installed as part of the base system.

There are two effects from this change:
- Users who delete default syslog files to stop logging to them
will need to set newsyslog_enable=NO in rc.conf or remove the C
flag from those file in /etc/newsyslog.conf or they will come back
on the next boot.
- Diskless systems now create the same set of files that ordinary
systems have by default instead of every file in newsyslog.conf.

Style:
- do not comment out entries in newsyslog.conf
- use tabs to line up inetd.conf

Requested by: bde
Approved by: bms(mentor)

Add rc.d script to start pflogd and add rcvars etc. Also document vars in
rc.conf(5) and put a sample entry to newsyslog.conf

Reviewed by: -current
Approved by: bms(mentor)

Fix typo in comments:
/etc/syslogd.conf -> /etc/syslog.conf

MFC after: 3 days

Add the 'N' flag to the entries for three log files which are *not*
written to by syslogd: /var/log/{daily.log,weekly.log,monthly.log}

MFC after: 1 week

Update the comments in this file to reflect the recent changes to
newsyslog.

MFC after: 1 week

Introduce debug.log which gets debug.* (most of this would otherwise go
to the great bit-bucket in the sky)

Alphabetize.

Rename the ftp log filename for compatability with OpenBSD and NetBSD.

Requested by: ru

Log ftpd stuff in the same way that we log lpd stuff. Too many ftpd's
are attacked for us to throw away this sort of evidence.

Use bzip2 instead of gzip for those logs we compress.

Basic idea agreed to by: rwatson

Change the default permissions for the sendmail statistics file to 0640
instead of 0644 to help protect users against a file locking local
denial of service.

MFC after: 1 day
pending RE approval

Turns out everyone is a lot lazier than I thought. Spell
'authentication.log' as 'auth.log'.

This is also more consistent with syslog facility names.

Sigh. :-)

Submitted by: asmodai, aeonflux, green, ....

Clean up logging of security information a bit:

o Introduce /var/log/authentication.log, which will be the target for
auth.info and authpriv.info by default. Rotate on the same schedule
as most other logs. Create at installation.

o Remove logging of auth.info from /var/log/security.log, which will
return to being only for security feature subsystems (such as ipfw,
and so on).

This creates a special authentication log, which can now be searched
by scripts for authentication events.

Use tabs where possible.

Change maillog to have permissions of 640. Users shouldn't be able to
eavesdrop on other users' communications.

Allow group network to read ppp.log & slip.log.

Suggested by: Jesper Skriver <jesper@FreeBSD.org>

o Note that some sites will want to select generally more conservative
permissions on some files, and give hints as to what those permissions
might be. Note also that the current more liberal permissions might
get changed in future revisions.

o More conservative permissions for kerberos.log: 600 instead of 644.

Reviewed by: peter

Document Bzip2's flag.

PR: 27901
Submitted by: Anders Nordby <anders@fix.no> (stylistic changes by me)

/var/log/console.log should be mode 600.

PR: 25329
Submitted by: Yoshihiro Koya Yoshihiro.Koya@math.yokohama-cu.ac.jp
MFC after: 1 week

Log the console output to "/var/log/console.log", not "/var/log/console"
(MFC candidate)

o Introduce automated log rotation for /var/log/console, the
default syslog target for console messages (when enabled in
syslog.conf). Use the same rotation defaults as with
/var/log/messages -- every 100kb of log, compress back logs,
and keep five rotated logs.
o Note: phk also thought it would be useful to force rotation
each boot. This commit does not introduce such a rotation.

Reviewed by: phk

Another overhaul of the periodic stuff.

All periodic sub-scripts <larf> now have their return codes interpreted
by periodic(8). Output may be masked based on variable values in
periodic.conf.

It's also now possible to email periodic output to arbitrary addresses,
or to send it to a log file, examples of which can be found in
newsyslog.conf.

The upshot of it all should be no discernable changes to the default
behaviour of periodic(8).

PR: 21250

Change various log file modes from mode 664 to 644. Allowing group
wheel to trash logfiles is not exactly good security policy. There have
been several gid wheel holes in ports. Various other files were changed
as well (eg: the locate database were set to more restrictive modes (444)
by their generation scripts) so this should be safe for them. utmp and
wtmp are mode 644 already on all the systems we checked.

Submitted by: jkb
Reviewed by: kris

Add two commented out syslog.conf entries, one to demonstrate the use of
an all.log for logging all messages, and one to demonstrate use of loghosts.
Also, a matching entry in newsyslog.conf for all.log.

Per request of Garrett Wollman, also modified the maillog entry to use the
@T newsyslog time specification mechanism. Because newsyslog doesn't
support the mod date specification machanism, couldn't change other
entries that required more than one execution a month, but less than once
a day.

Approved by: jkh
Reviewed by: freebsd-security

Move /var/cron/log to /var/log/cron

$Id$ -> $FreeBSD$

This is the addition of a syslog(3) security.* top-level category. This
should be used from now on for anything security but not auth-related.
Included are updates for all relevant manpages and also to /etc files,
creating a new /var/log/security. Nothing in the system logs to
/var/log/security yet as of the time of this commit.

Reviewed by: rgrimes, imp, chris

Syntax for user/group is changed from "user.group" to "user:group" to be
consistant with chown(8).

Fix minor alignment problem.

Damn, forgot this: time -> when.

Sync header line with newsyslog(8).
PR: 11511
Reviewed by: des

Now that newsyslog is capable of doing this at a specific time,
let it rotate /var/log/wtmp again, and update monthly/200.accounting to
take this into account. (Some sites might want to change the parameters
of the rotation; it's easier to do this when it's all centralized in
newsyslog.conf.)

Indicate optional signal number field

rotate sendmail statistics file weekly.
keep the last ten weeks of data.
Submitted by: jmb

PR: 1708, 5448
Remove wtmp

Fix ppp log name

Not kill ppp now, it uses syslog

Update ppp example pid_file name.

Suggested by: ache

Use newly introduced pid file field now for ppp

Revert $FreeBSD$ to $Id$

Change the header line to read "count" instead of "ngen" so
that it matched the terms used in the manual page.

Closes PR# 2663.

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Add /var/log/ppp.log from iij ppp

added the "-p" option to amd so that it writes it's pid to
/var/run/amd.pid and added the "-l /var/log/amd.log" option there too

added an entry for the "rotation" of /var/log/amd.log to newsyslog.conf

Put startslip syslog messages into separate file
Increase rotating log sizes in newsyslog.conf to reflect
more common case

Restore broken accounting statistics:
1) It have nothing common to (new)syslog messages
2) acct.* rotating allowed only after "sa -s" run!

/var/account/acct is binary file, mark this fact as 'B' flag

added the file /etc/newsyslog.conf (config file for
/usr/sbin/newsyslog - see the man-page for it for details) - i put all
the "rotations" which were in /etc/[daily,weekly,monthly] in here