From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Sat, 18 Feb 2012 00:24:57 +0100
To: Roger Marquis
Cc: freebsd-security@freebsd.org, Sergey Kandaurov
Subject: Re: periodic security run output gives false positives after 1 year

Roger Marquis wrote:
> On Fri, 17 Feb 2012, Sergey Kandaurov wrote:
>>> Problem with that would be backwards compatibility, and it's not IMO
>>> worth breaking everyone's syslog parsing scripts to fix an issue that
>>> really isn't due to the date format as much as it is to log rotation.
>>
>> That is not a showstopper. Nothing prevents to merge both formats in one
>> daemon and introduce a new syslogd option to choose the desired format.
>
> That would be more of a Linux than BSD way of doing things i.e.,
> deprecating the existing format without giving full consideration to the
> effects on SA scripts and monitoring software, some of which is hardcoded
> and difficult to change without breaking more than it fixes. The current
> syslog syntax timestamp has been reliable now for what, 25+ years? I
> don't personally see any measurable ROI from changing it. YMMV of
> course.

It is similar to the Y2K problem and dates with YY format instead of YYYY - it
was fine for many years...
But did you notice that almost everything else is already logging with the
year in the date?

Miroslav Lachman
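
Added example, not part of the message above and not FreeBSD's own code: a Python sketch of why a year-less syslog timestamp matches year-old entries in an unrotated log, and of one way a consumer can infer the year without changing the syslog format. It assumes the daily check selects lines by their "Mmm dd" prefix, that entries are in chronological order with under a year between neighbours, and that the time of the newest write is known; the log lines and function names are constructed for illustration.

```python
from datetime import datetime

NAMES = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# Constructed sample: a single log file that was not rotated for over a year.
SAMPLE_LOG = """\
Feb 17 03:12:45 host sshd[411]: Failed password for root from 192.0.2.10 port 4022 ssh2
Jun  3 11:00:01 host sshd[900]: Failed password for admin from 192.0.2.77 port 5190 ssh2
Feb 17 09:30:10 host sshd[1200]: Failed password for bob from 198.51.100.5 port 6001 ssh2
Feb 18 00:01:00 host sshd[1300]: Accepted publickey for bob from 198.51.100.5 port 6002 ssh2
""".splitlines()

def match_yearless(lines, day):
    """Select lines by the 'Mmm dd' prefix only, as a year-less filter would."""
    prefix = f"{NAMES[day.month - 1]} {day.day:2d} "
    return [line for line in lines if line.startswith(prefix)]

def infer_years(lines, newest):
    """Walk newest to oldest; step the year back whenever a timestamp would
    otherwise fall after the entry that follows it in the file."""
    cursor, dated = newest, []
    for line in reversed(lines):
        mon, day, clock = line[:15].split()
        month = NAMES.index(mon) + 1          # ValueError on a malformed month
        h, m, s = map(int, clock.split(":"))
        for year in range(cursor.year, cursor.year - 9, -1):
            try:
                ts = datetime(year, month, int(day), h, m, s)
            except ValueError:                # e.g. Feb 29 in a non-leap year
                continue
            if ts <= cursor:
                break
        else:
            raise ValueError(f"cannot date line: {line!r}")
        dated.append((ts, line))
        cursor = ts
    return dated[::-1]

def match_dated(lines, day, newest):
    """Select only the lines whose inferred full date equals the given day."""
    return [l for ts, l in infer_years(lines, newest) if ts.date() == day.date()]
```

With `newest` set to the file's last write time, the year-less filter returns both "Feb 17" lines while the dated filter returns only the one from the current year.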