Date:      Wed, 29 Oct 2008 00:11:39 +0100
From:      Mel <fbsd.questions@rachie.is-a-geek.net>
To:        freebsd-questions@freebsd.org
Cc:        Jeremy Chadwick <koitsu@freebsd.org>, Jos Chrispijn <kernel@webrz.net>
Subject:   Re: Security | Kernel message
Message-ID:  <200810290011.39540.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <20081028163236.GC53758@icarus.home.lan>
References:  <49073D1B.2090701@webrz.net> <20081028163236.GC53758@icarus.home.lan>

On Tuesday 28 October 2008 17:32:36 Jeremy Chadwick wrote:
> On Tue, Oct 28, 2008 at 05:26:03PM +0100, Jos Chrispijn wrote:
> > A part of my daily security run:
> >
> > triton.xxx.xxx.xxx kernel log messages:
> > +++ /tmp/security.VnqB8ZT6	2008-10-27 23:53:32.000000000 +0100
> > +em0: link state changed to DOWN
> > +em0: link state changed to UP
> > +em0: link state changed to DOWN
> > +em0: link state changed to UP
> > +em0: link state changed to DOWN
> > +em0: link state changed to UP
> >
> > Is there a way of adding the time on every DOWN and UP line?
>
> No, because the messages are in the kernel log.  The kernel itself does
> not print timestamps, because that's silly.
>
> Try doing this:
>
> 1) Edit /etc/syslog.conf and enable /var/log/all.log,

Actually, these end up in /var/log/messages in a vanilla system (*.notice). 
You can modify /etc/periodic/security/700.kernelmsg, by using:
fgrep 'kernel: ' /var/log/messages 2>/dev/null |

where it says:
dmesg 2>/dev/null

Or more precise: fgrep 'your.host.name kernel: ' /var/log/messages

This will give you timestamps with the output. I can't really think of 
anything that does end up in dmesg and not in /var/log/messages, but I'm sure 
there are some.
-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.
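
Added example (not part of the message above or of FreeBSD's periodic scripts): the two filters Mel suggests, run over constructed /var/log/messages lines, showing why the host-qualified pattern is the more precise one and how it yields a timestamp for each link change. The hostnames, the log lines and the function names are assumptions; `grep -F` is the portable spelling of `fgrep`.

```shell
#!/bin/sh
# Constructed sample lines in /var/log/messages format (not real log data).
# Assumes syslogd also stores messages from a second host, "gateway".
sample_log() {
cat <<'EOF'
Oct 27 03:12:01 triton kernel: em0: link state changed to DOWN
Oct 27 03:12:04 triton kernel: em0: link state changed to UP
Oct 27 03:15:40 triton sudo: jos : TTY=pts/0 ; USER=root ; COMMAND=/usr/bin/fgrep kernel: /var/log/messages
Oct 27 04:00:10 gateway kernel: em1: link state changed to DOWN
Oct 27 09:30:22 triton kernel: em0: link state changed to DOWN
Oct 27 09:30:25 triton kernel: em0: link state changed to UP
EOF
}

# Broad filter: every line containing 'kernel: ', including other hosts'
# kernels and any message whose text merely mentions the string.
# $1 = log file
kernel_lines_broad() {
    grep -F 'kernel: ' "$1" 2>/dev/null
}

# Host-qualified filter: only lines logged by this host's kernel.
# $1 = log file, $2 = hostname as it appears in the log
kernel_lines_host() {
    grep -F "$2 kernel: " "$1" 2>/dev/null
}

# Timestamp, interface and new state for each link change on one host.
# Fields: $1-$3 = timestamp, $6 = interface, last field = DOWN or UP.
link_events() {
    kernel_lines_host "$1" "$2" |
        awk '/link state changed to/ { print $1, $2, $3, $6, $NF }'
}

# Demonstration on the constructed sample.
tmp=$(mktemp) && sample_log > "$tmp"
echo "broad filter: $(kernel_lines_broad "$tmp" | wc -l | tr -d ' ') lines"
echo "host filter:  $(kernel_lines_host "$tmp" triton | wc -l | tr -d ' ') lines"
link_events "$tmp" triton
rm -f "$tmp"
```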
