Date: Mon, 18 Apr 2005 08:53:47 +1000 From: Andrew Reilly <andrew-freebsd@areilly.bpc-users.org> To: Joshua Tinnin <krinklyfig@spymac.com> Cc: freebsd-stable@freebsd.org Subject: Re: Misleading security message output Message-ID: <20050417225347.GA9600@gurney.reilly.home> In-Reply-To: <200504170655.27864.krinklyfig@spymac.com> References: <20050414025949.GA94683@gurney.reilly.home> <200504170655.27864.krinklyfig@spymac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Apr 17, 2005 at 06:55:27AM -0700, Joshua Tinnin wrote: > On Wed 13 Apr 05 19:59, Andrew Reilly > > This could be avoided, perhaps, with a NetBSD-style backup/diff > > mechanism, or (incompatibly) with daemontools/multilog-style > > 64-bit time stamps in the log files. It can be worked-around > > by forcing faster log-file rotations, now that I know about > > the problem. I can't think of a really good widely-applicable > > solution, using the existing framework, though. > > I'm not quite sure what you mean. Do you want a way to have the > timestamp record the year as well, so that you can keep the default > setting? That'd be one way to do it. Multilog, in the daemontools package gives log messages a timestamp that (implicitly) includes the date. The NetBSD method, of keeping a "yesterday" backup of the log files, and diffing against the "now" versions avoids the problem by making the search for "stuff that happened since the last log e-mail" explicit. I don't much mind how the bug is fixed. It would be nice, I think, if the bug fix didn't amount to a documentation addition along the lines of "in order for the nightly security messages to work properly, you must tune the log-file rotation period so that log files are rotated at least once per year. See newsyslog.conf(5)." A reasonable bug-fix could be to add a when value of $ML to the /var/log/messages line of the default /etc/newsyslog.conf. On most machines that will have no effect, because rotation will still be triggered by the size field. It will just make the logic in the nightly security script correct. Cheers, -- Andrew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050417225347.GA9600>