Originally Posted by starbuck
Does flagging the logs as "sappend" prevent them from being rotated? How do you get around this?
Yes, it does. You could remove the flag, then rotate the logs, then re-add the flag. But then that would imply that you're running in a securelevel < 1 (which somewhat defeats the purpose of the file flag if root can just remove it
So the real answer is that your log file will be growing indefinitely (until you take the steps to temporarily get to a lower securelevel and manually rotate it).
If you haven't already, check out the manpages for security(7) and chflags(1). There is a good book I reviewed here
that discusses this topic in great detail.