Date: Fri, 17 Feb 2012 15:56:19 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: freebsd-security@freebsd.org, Sergey Kandaurov <pluknet@gmail.com>
Subject: Re: periodic security run output gives false positives after 1 year
Message-ID: <20120217235620.4BEF4106566B@hub.freebsd.org>
In-Reply-To: <4F3EE1C9.4030601@quip.cz>
References: <20120217120034.201EB106574C@hub.freebsd.org> <20120217152400.261AC106564A@hub.freebsd.org> <CAE-mSO%2Bsa2Cu0aQksEXGyMnyns3=aAL8odmzQNMEJ77dpUAgmw@mail.gmail.com> <20120217194851.D76DE1065670@hub.freebsd.org> <4F3EE1C9.4030601@quip.cz>

>> The current syslog syntax timestamp has been reliable now for what, 25+
>> years? I don't personally see any measurable ROI from changing it. YMMV of
>> course.
>
> It is similar to y2k problem and dates with YY format instead of YYYY - it
> was fine for many years...

Is it? If I recall, Y2K had more to do with 2 digit year fields that should
have been 4 digit.

> But did you notice that almost everything else is already logging with year
> in date?

I don't personally recall a time when everything else wasn't logging the
year, in one format or another. That's not to imply that syslogs shouldn't
be distinguishable by year, but the question seems to be where the year
should be logged, A) on every line or B) in the archive file name.

I suspect it was not common practice to leave logs on the server for more
than a year when Allman originally wrote syslog, and I have not seen an
environment where logs are left in /var/log for over a year.

Personally, I would rather see FreeBSD stay backwards compatible and A)
leave the syslog timestamp format alone, instead opting for KIS by simply
writing the year in the archive file name rather than wasting 5 bytes on
every line of every syslog log file. YMMV.

Roger
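
The trade-off discussed above, as an added example that is not part of the original message: with year-less syslog timestamps, a match on month and day alone also hits a line written on the same date a year earlier, while taking the year from the archive file name (option B) filters it out. The `messages.<YYYY>` naming scheme, the function names and the log lines are constructed assumptions, not FreeBSD's own rotation scheme or periodic scripts.

```python
import re
from datetime import date

# Constructed sample data: archive name -> log lines. The "messages.<YYYY>"
# naming is a hypothetical scheme for option B.
ARCHIVES = {
    "messages.2011": [
        "Feb 16 03:01:12 host sshd[811]: Failed password for root from 192.0.2.7",
        "Dec 31 23:59:58 host su: BAD SU alice to root on /dev/pts/0",
    ],
    "messages.2012": [
        "Feb 16 09:14:40 host sshd[4242]: Failed password for bob from 198.51.100.9",
        "Feb  5 11:02:03 host sshd[977]: Failed password for bob from 198.51.100.9",
    ],
}

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# Classic syslog timestamp: "Mon DD HH:MM:SS", day space-padded, no year.
LINE_RE = re.compile(r"^([A-Z][a-z]{2}) ([ \d]\d) \d\d:\d\d:\d\d ")


def year_from_name(name):
    """Return the 4-digit year suffix of an archive name, or None."""
    m = re.search(r"\.(\d{4})$", name)
    return int(m.group(1)) if m else None


def match_by_line_only(day):
    """Select lines whose month/day equal `day`; the year cannot be checked."""
    hits = []
    for name, lines in ARCHIVES.items():
        for line in lines:
            m = LINE_RE.match(line)
            if m and (MONTHS.get(m.group(1)), int(m.group(2))) == (day.month, day.day):
                hits.append((name, line))
    return hits


def match_with_archive_year(day):
    """Same match, but keep only archives whose file-name year equals day.year."""
    return [(n, l) for n, l in match_by_line_only(day)
            if year_from_name(n) == day.year]


if __name__ == "__main__":
    d = date(2012, 2, 16)
    print("line only:   ", match_by_line_only(d))       # includes the 2011 line
    print("archive year:", match_with_archive_year(d))  # 2012 line only
```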