Date: Mon, 20 Feb 2012 07:53:32 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: freebsd-security@freebsd.org
Cc: Dag-Erling Smørgrav <des@des.no>, Sergey Kandaurov <pluknet@gmail.com>, Miroslav Lachman <000.fbsd@quip.cz>
Subject: Re: periodic security run output gives false positives after 1 year
Message-ID: <20120220155333.8443D1065676@hub.freebsd.org>
In-Reply-To: <86fwe5blm6.fsf@ds4.des.no>
References: <20120217120034.201EB106574C@hub.freebsd.org> <20120217152400.261AC106564A@hub.freebsd.org> <CAE-mSO%2Bsa2Cu0aQksEXGyMnyns3=aAL8odmzQNMEJ77dpUAgmw@mail.gmail.com> <20120217194851.D76DE1065670@hub.freebsd.org> <4F3EE1C9.4030601@quip.cz> <20120217235620.4BEF4106566B@hub.freebsd.org> <4F3EFA8B.50002@quip.cz> <86fwe5blm6.fsf@ds4.des.no>

> The correct format is "2012-02-20T01:23:45.6789+01:00"

You guys are aware that RFC 5424 is a proposed standard I trust? By being "proposed" it is not a standard, at least not yet. Perhaps the differences in human-readability of the proposed timestamp, or the fact that it has variable field types and lengths, are part of the reason why it has not been ratified.

Other parts of this particular RFC bring its trustworthiness into question. In particular the quote "Research during creation of this document showed that there is very little in common between different syslog implementations on different platforms." with no detail on the so-called "research" methodology.

In my own experience syslog timestamps are identical across FreeBSD, CentOS, Debian, Ubuntu and Solaris, which represent well over 99% of the installed base.

Regarding backwards compatibility, I'd be interested in knowing how many systems, how many logs and how many log-parsing applications those proposing change are responsible for? Would not be surprised if, like others proposing deprecating long-used Unix standards, those advocating the change are not the ones whose workloads or budgets would be impacted.

Roger