Date: Sat, 18 Feb 2012 00:24:57 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> To: Roger Marquis <marquis@roble.com> Cc: freebsd-security@freebsd.org, Sergey Kandaurov <pluknet@gmail.com> Subject: Re: periodic security run output gives false positives after 1 year Message-ID: <4F3EE1C9.4030601@quip.cz> In-Reply-To: <20120217194851.D76DE1065670@hub.freebsd.org> References: <20120217120034.201EB106574C@hub.freebsd.org> <20120217152400.261AC106564A@hub.freebsd.org> <CAE-mSO%2Bsa2Cu0aQksEXGyMnyns3=aAL8odmzQNMEJ77dpUAgmw@mail.gmail.com> <20120217194851.D76DE1065670@hub.freebsd.org>
index | next in thread | previous in thread | raw e-mail
Roger Marquis wrote: > On Fri, 17 Feb 2012, Sergey Kandaurov wrote: >>> Problem with that would be backwards compatibility, and it's not IMO >>> worth breaking everyone's syslog parsing scripts to fix an issue that >>> really isn't due to the date format as much as it is to log rotation. >> >> That is not a showstopper. Nothing prevents to merge both formats in one >> daemon and introduce a new syslogd option to choose the desired format. > > That would be more of a Linux than BSD way of doing things i.e., > deprecating the existing format without giving full consideration to the > effects on SA scripts and monitoring software, some of which is hardcoded > and difficult to change without breaking more than it fixes. The current > syslog syntax timestamp has been reliable now for what, 25+ years? I > don't personally see any measurable ROI from changing it. YMMV of > course. It is similar to y2k problem and dates with YY format instead of YYYY - it was fine for many years... But did you noticed, that almost everything else is already logging with year in date? Miroslav Lachmanhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F3EE1C9.4030601>