From owner-freebsd-security@FreeBSD.ORG  Fri Feb 17 18:02:43 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 58B011065674
	for <freebsd-security@freebsd.org>;
	Fri, 17 Feb 2012 18:02:43 +0000 (UTC)
	(envelope-from pluknet@gmail.com)
Received: from mail-lpp01m010-f54.google.com (mail-lpp01m010-f54.google.com
	[209.85.215.54])
	by mx1.freebsd.org (Postfix) with ESMTP id BF3E88FC0A
	for <freebsd-security@freebsd.org>;
	Fri, 17 Feb 2012 18:02:42 +0000 (UTC)
Received: by lagz14 with SMTP id z14so5966007lag.13
	for <freebsd-security@freebsd.org>;
	Fri, 17 Feb 2012 10:02:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	bh=0/ChVj5bv+R33uT4QSNVtDhQeSCr+9CtunMhmPJBSDQ=;
	b=SVfADk3XwUGDYlcuci6HuqMXoY6cU07uJHeqMtYRw8AwMLLPstkntHGE0q35fBHQX3
	16n/e7tJIXW6KEEW/bdB5/swEd2n7xYbnp+EyYaFgL4ZmN9J+fjh/SuyUlLgYhQozbFl
	wQIvyAAKSNim8poDYIEHIWuc3jw5U6WrirDP8=
MIME-Version: 1.0
Received: by 10.112.102.37 with SMTP id fl5mr2798018lbb.95.1329501761598; Fri,
	17 Feb 2012 10:02:41 -0800 (PST)
Received: by 10.152.18.4 with HTTP; Fri, 17 Feb 2012 10:02:41 -0800 (PST)
In-Reply-To: <20120217152400.261AC106564A@hub.freebsd.org>
References: <20120217120034.201EB106574C@hub.freebsd.org>
	<20120217152400.261AC106564A@hub.freebsd.org>
Date: Fri, 17 Feb 2012 21:02:41 +0300
Message-ID: <CAE-mSO+sa2Cu0aQksEXGyMnyns3=aAL8odmzQNMEJ77dpUAgmw@mail.gmail.com>
From: Sergey Kandaurov <pluknet@gmail.com>
To: Roger Marquis <marquis@roble.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: freebsd-security@freebsd.org
Subject: Re: periodic security run output gives false positives after 1 year
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Feb 2012 18:02:43 -0000

On 17 February 2012 19:04, Roger Marquis <marquis@roble.com> wrote:
> Sergey Kandaurov wrote:
>>
>> In IETF this RFC is marked obsolete and replaced with RFC 5424 with
>> different timestamp format in ISO 8601 form. FreeBSD doesn't implement
>> 5424 yet. Almost complete implementation was done in NetBSD in that
>> regard in 2008. NetBSD before RFC 5424 changes has had pretty similar
>> syslogd source, so if one could analyze and port that changes to FreeBSD,
>> that would be pretty nice.
>
>
> Problem with that would be backwards compatibility, and it's not IMO
> worth breaking everyone's syslog parsing scripts to fix an issue that
> really isn't due to the date format as much as it is to log rotation.
>

That is not a showstopper. Nothing prevents to merge both formats in one
daemon and introduce a new syslogd option to choose the desired format.

-- 
wbr,
pluknet