FreeBSD has a great concept of establishing default values and letting the user override them.
That approach does not apply to newsyslog, and specifically, newsyslog.conf.
This idea came up on IRC after I said I was looking forward to a new FreeBSD 15 which allows the compression specified in newsyslog.conf to be overridden.
Using /etc/newsyslog.conf.d
Getting a clean copy
First, I grabbed a pristine copy of /etc/newsyslog.conf from the repo:
[12:34 r730-01 dvl ~/tmp] % fetch -o newsyslog.conf "https://cgit.freebsd.org/src/plain/usr.sbin/newsyslog/newsyslog.conf?h=releng/14.3"
newsyslog.conf                                        1697  B   27 MBps    00s
Key: Remove the <include> statements if you copy newsyslog.conf into /etc/newsyslog.conf.d – that might cause some interesting results if you don’t.
Here is what I grabbed:
[12:40 r730-01 dvl ~/tmp] % cat newsyslog.conf
# configuration file for newsyslog
#
# Entries which do not specify the '/pid_file' field will cause the
# syslogd process to be signalled when that log file is rotated. This
# action is only appropriate for log files which are written to by the
# syslogd process (ie, files listed in /etc/syslog.conf). If there
# is no process which needs to be signalled when a given log file is
# rotated, then the entry for that file should include the 'N' flag.
#
# Note: some sites will want to select more restrictive protections than the
# defaults. In particular, it may be desirable to switch many of the 644
# entries to 640 or 600. For example, some sites will consider the
# contents of maillog, messages, and lpd-errs to be confidential. In the
# future, these defaults may change to more conservative ones.
#
# logfilename           [owner:group]   mode count size when   flags [/pid_file] [sig_num]
/var/log/all.log                        600  7     *    @T00   J
/var/log/auth.log                       600  7     1000 @0101T JC
/var/log/console.log                    600  5     1000 *      J
/var/log/cron                           600  3     1000 *      JC
/var/log/daemon.log                     644  5     1000 @0101T JC
/var/log/daily.log                      640  7     *    @T00   JN
/var/log/debug.log                      600  7     1000 *      JC
/var/log/devd.log                       644  3     1000 *      JC
/var/log/init.log                       644  3     1000 *      J
/var/log/kerberos.log                   600  7     1000 *      J
/var/log/maillog                        640  7     *    @T00   JC
/var/log/messages                       644  5     1000 @0101T JC
/var/log/monthly.log                    640  12    *    $M1D0  JN
/var/log/security                       600  10    1000 *      JC
/var/log/utx.log                        644  3     *    @01T05 B
/var/log/weekly.log                     640  5     *    $W6D0  JN

<include> /etc/newsyslog.conf.d/[!.]*.conf
<include> /usr/local/etc/newsyslog.conf.d/[!.]*.conf
This is my existing /etc/newsyslog.conf which I relocated to /etc/newsyslog.conf.d/my.newsyslog.conf. In its place, I put the pristine copy from above.
[12:40 r730-01 dvl ~] % cat /etc/newsyslog.conf.d/my.newsyslog.conf
# I override compression.
# Adjust some ownership, etc
# logfilename           [owner:group]   mode count size when   flags [/pid_file] [sig_num]
/var/log/all.log                        600  7     *    @T00
/var/log/auth.log       root:logcheck   640  7     100  @0101T C
/var/log/console.log                    600  5     1000 *
/var/log/cron                           600  3     1000 *      C
/var/log/daemon.log                     644  5     1000 @0101T BC
/var/log/daily.log                      640  7     *    @T00   N
/var/log/debug.log                      600  7     1000 *      C
/var/log/devd.log                       644  3     1000 *      BC
/var/log/init.log                       644  3     1000 *
/var/log/kerberos.log                   600  7     1000 *
/var/log/maillog        root:logcheck   640  7     *    @T00   C
/var/log/messages                       644  5     1000 @0101T C
/var/log/monthly.log                    640  12    *    $M1D0  N
/var/log/security                       600  10    1000 *      C
/var/log/utx.log                        644  3     *    @01T05 B
/var/log/weekly.log                     640  5     *    $W6D0  N
Result
The results were not what I wanted. Case in point:
[11:12 r730-01 dvl ~] % ls -l /var/log/auth.log /var/log/messages
-rw-------  1 root wheel 101279 2025.10.01 11:12 /var/log/auth.log
-rw-r--r--  1 root wheel 574033 2025.10.01 11:09 /var/log/messages
/var/log/auth.log should be chown root:logcheck – it is not.
I reverted the changes later that day.
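A check for the mismatch above, added here as an example and not part of the original post: this script lists log files that newsyslog.conf and the files under newsyslog.conf.d define with a different owner:group or mode, which is what happened to /var/log/auth.log. The function names and the sample entries (cut down from the two files shown above) are constructed for illustration, and the script does not model which definition newsyslog applies.

```shell
# Added example (not from the original post): list log files defined more than
# once across newsyslog config files with a different owner:group or mode.

# Print "logfile<TAB>config file<TAB>owner:group<TAB>mode" for every entry.
newsyslog_defs() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }     # comments and blank lines
        $1 == "<include>"     { next }     # include directives are not entries
        {
            owner = "-"; mode = $2         # "-" means no [owner:group] field
            if ($2 ~ /:/) { owner = $2; mode = $3 }
            printf "%s\t%s\t%s\t%s\n", $1, FILENAME, owner, mode
        }' "$@"
}

# Keep only log files whose definitions disagree on owner:group or mode.
newsyslog_conflicts() {
    newsyslog_defs "$@" | awk -F'\t' '
        {
            sig = $3 " " $4
            if (!($1 in first)) { first[$1] = sig; names[++n] = $1 }
            else if (first[$1] != sig) differ[$1] = 1
            defs[$1] = defs[$1] $0 "\n"
        }
        END {
            for (i = 1; i <= n; i++)
                if (names[i] in differ) printf "%s", defs[names[i]]
        }'
}

# Constructed sample: two entries from each file shown on this page.
demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/newsyslog.conf.d"
    cat > "$dir/newsyslog.conf" <<'EOF'
/var/log/auth.log                 600  7  1000 @0101T JC
/var/log/messages                 644  5  1000 @0101T JC
<include> /etc/newsyslog.conf.d/[!.]*.conf
EOF
    cat > "$dir/newsyslog.conf.d/my.newsyslog.conf" <<'EOF'
/var/log/auth.log  root:logcheck  640  7  100  @0101T C
/var/log/messages                 644  5  1000 @0101T C
EOF
    ( cd "$dir" && newsyslog_conflicts newsyslog.conf newsyslog.conf.d/*.conf )
    rm -rf "$dir"
}
# On a real host: newsyslog_conflicts /etc/newsyslog.conf /etc/newsyslog.conf.d/*.conf
demo
```

Only /var/log/auth.log is reported for the sample, because the two /var/log/messages entries differ in flags but not in ownership or mode.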