Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 19 Mar 2006 19:06:56 -0500
From:      Garance A Drosehn <gad@FreeBSD.org>
To:        Darren Pilgrim <darren.pilgrim@bitfreak.org>
Cc:        freebsd-current@FreeBSD.org
Subject:   Re: PROPOSAL for periodic/security/800.loginfail
Message-ID:  <p0623092dc0439a40b4a3@[128.113.24.47]>
In-Reply-To: <441DE4B9.8080708@bitfreak.org>
References:  <99353.1142604012@critter.freebsd.dk> <p0623092ac0430191eb5b@[128.113.24.47]> <441DE4B9.8080708@bitfreak.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
At 3:09 PM -0800 3/19/06, Darren Pilgrim wrote:
>Garance A Drosehn wrote:
>>
>>  When printing the user-specific information, it only prints
>>  the second line of "to users: " when there was more than one
>>  userid found.  If only one userid was found, then it just
>>  tacks something like "u: root*3" on the first line.
>
>A common, single-line format would make automated parsing simpler.
>Instead of entries like this:
>
>       5 from 127.0.225.154              @ 14:39 -> 14:40 Dec 28
>         to users: root*3 + 1 others
>       3 from 127.0.73.182               @ 21:57 -> 21:58 Dec 26   u: root*3
>
>Do something like this:
>
>       5 from 127.0.225.154              @ 14:39 -> 14:40 Dec 28   to 
>users: root*3 + 1 others
>       3 from 127.0.73.182               @ 21:57 -> 21:58 Dec 26   to 
>users: root*3

XML would make parsing even easier.  That is not meant as a
sarcastic comment, it is just an observation (and one that I
did think about when working on this fmt).  In any case, I
wanted to keep the message readable by humans, not by other
scripts.  When I'm reading these security emails, I'm always
reading them in an 80-column window.  I read them the emails,
I don't have scripts read them.  So that's why I wanted to
avoid line wrap.

While I'm sure we can improve on this format if we sat around
and brain-stormed for awhile, I would prefer something like
this for now, just so I have a chance to get it committed
in time for 6.1-release.  We can always improve on it later.
And the setup is also flexible enough that anyone can select
a different script if they want a different format.

...Still, I might try something along the lines you suggest,
probably as a selectable option, if I have some time while
cleaning up other details.  It might be trivial to support.

-- 
Garance Alistair Drosehn     =      gad@gilead.netel.rpi.edu
Senior Systems Programmer               or   gad@FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p0623092dc0439a40b4a3>