Date:      Fri, 17 Feb 2012 14:53:04 -0500
From:      Mike Kelly <pioto@pioto.org>
To:        Roger Marquis <marquis@roble.com>
Cc:        freebsd-security@freebsd.org, Sergey Kandaurov <pluknet@gmail.com>
Subject:   Re: periodic security run output gives false positives after 1 year
Message-ID:  <CAFb0NsJT47qVZHOGJN8WfdLHk3NdNEyz4_wDrrkAY10ECU16mA@mail.gmail.com>
In-Reply-To: <20120217194851.D76DE1065670@hub.freebsd.org>
References:  <20120217120034.201EB106574C@hub.freebsd.org> <20120217152400.261AC106564A@hub.freebsd.org> <CAE-mSO%2Bsa2Cu0aQksEXGyMnyns3=aAL8odmzQNMEJ77dpUAgmw@mail.gmail.com> <20120217194851.D76DE1065670@hub.freebsd.org>

So, can't you just do this?

1) Make it an option.
2) If it isn't set, keep the output like it is now.
3) Set it by default in new installs, with a comment above it that it
might break things. That way people upgrading get a warning, too, and
can keep it the way it has been if they'd like.

On Fri, Feb 17, 2012 at 14:48, Roger Marquis <marquis@roble.com> wrote:
> On Fri, 17 Feb 2012, Sergey Kandaurov wrote:
>>>
>>> Problem with that would be backwards compatibility, and it's not IMO
>>> worth breaking everyone's syslog parsing scripts to fix an issue that
>>> really isn't due to the date format as much as it is to log rotation.
>>
>>
>> That is not a showstopper. Nothing prevents merging both formats in one
>> daemon and introducing a new syslogd option to choose the desired format.
>
>
> That would be more of a Linux than BSD way of doing things i.e.,
> deprecating the existing format without giving full consideration to the
> effects on SA scripts and monitoring software, some of which is hardcoded
> and difficult to change without breaking more than it fixes. The current
> syslog syntax timestamp has been reliable now for what, 25+ years? I
> don't personally see any measurable ROI from changing it. YMMV of
> course.
>
> Roger Marquis



--
Mike Kelly


