From: Mike Kelly
Date: Fri, 17 Feb 2012 14:53:04 -0500
To: Roger Marquis
Cc: freebsd-security@freebsd.org, Sergey Kandaurov
Subject: Re: periodic security run output gives false positives after 1 year

So, can't you just do this?

1) Make it an option.
2) If it isn't set, keep the output like it is now.
3) Set it by default in new installs, with a comment above it that it
   might break things.

That way people upgrading get a warning, too, and can keep it the way
it has been if they'd like.

On Fri, Feb 17, 2012 at 14:48, Roger Marquis wrote:
> On Fri, 17 Feb 2012, Sergey Kandaurov wrote:
>>>
>>> Problem with that would be backwards compatibility, and it's not IMO
>>> worth breaking everyone's syslog parsing scripts to fix an issue that
>>> really isn't due to the date format as much as it is to log rotation.
>>
>>
>> That is not a showstopper. Nothing prevents to merge both formats in one
>> daemon and introduce a new syslogd option to choose the desired format.
>
>
> That would be more of a Linux than BSD way of doing things i.e.,
> deprecating the existing format without giving full consideration to the
> effects on SA scripts and monitoring software, some of which is hardcoded
> and difficult to change without breaking more than it fixes.  The current
> syslog syntax timestamp has been reliable now for what, 25+ years?  I
> don't personally see any measurable ROI from changing it.  YMMV of
> course.
>
> Roger Marquis

-- 
Mike Kelly