From owner-freebsd-questions@FreeBSD.ORG Sun Jul 4 20:41:27 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 332C516A4CE for ; Sun, 4 Jul 2004 20:41:27 +0000 (GMT) Received: from blue.gerhardt-it.com (gw.gerhardt-it.com [204.83.38.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id C67A943D31 for ; Sun, 4 Jul 2004 20:41:26 +0000 (GMT) (envelope-from scott@g-it.ca) Received: from [192.168.0.2] (hsdbsk69-11-26-32.sasknet.sk.ca [69.11.26.32]) by blue.gerhardt-it.com (Postfix) with ESMTP id 808EAFDC0 for ; Sun, 4 Jul 2004 14:41:25 -0600 (CST) Mime-Version: 1.0 (Apple Message framework v618) Content-Transfer-Encoding: 7bit Message-Id: <838D4C4C-CDFA-11D8-BF6E-000393801C60@g-it.ca> Content-Type: text/plain; charset=US-ASCII; format=flowed To: FreeBSD From: Scott Gerhardt Date: Sun, 4 Jul 2004 14:41:24 -0600 X-Mailer: Apple Mail (2.618) Subject: Auth.log X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Jul 2004 20:41:27 -0000 I'm running FreeBSD 4.7 and I noticed that /var/log/auth.log does not include year (YYYY) in the log entries. My daily cron jobs recently sent notice that there were some failed login attempts on July 3 to an account that was removed many months ago. This raised concern, so I did a thorough check and determined that the failed login attempt occurred July 03 of 2003, _not_ 2004. Shouldn't auth.log include the full YYYY-MM-DD date to avoid confusion in case auth.log doesn't rotate between years? This should apply to all logs, especially security related logs... Thanks, -- Scott A. Gerhardt, P.Geo. Gerhardt Information Technologies