From: Mel
To: freebsd-questions@freebsd.org
Cc: Jeremy Chadwick, Jos Chrispijn
Date: Wed, 29 Oct 2008 00:11:39 +0100
Subject: Re: Security | Kernel message

On Tuesday 28 October 2008 17:32:36 Jeremy Chadwick wrote:
> On Tue, Oct 28, 2008 at 05:26:03PM +0100, Jos Chrispijn wrote:
> > A part of my daily security run:
> >
> > triton.xxx.xxx.xxx kernel log messages:
> > +++ /tmp/security.VnqB8ZT6 2008-10-27 23:53:32.000000000 +0100
> > +em0: link state changed to DOWN
> > +em0: link state changed to UP
> > +em0: link state changed to DOWN
> > +em0: link state changed to UP
> > +em0: link state changed to DOWN
> > +em0: link state changed to UP
> >
> > Is there a way of adding the time on every DOWN and UP line?
>
> No, because the messages are in the kernel log. The kernel itself does
> not print timestamps, because that's silly.
>
> Try doing this:
>
> 1) Edit /etc/syslog.conf and enable /var/log/all.log,

Actually, these end up in /var/log/messages in a vanilla system (*.notice).
You can modify /etc/periodic/security/700.kernelmsg, by using:

    fgrep 'kernel: ' /var/log/messages 2>/dev/null |

where it says:

    dmesg 2>/dev/null

Or more precise:

    fgrep 'your.host.name kernel: ' /var/log/messages

This will give you timestamps with the output. I can't really think of
anything that does end up in dmesg and not in /var/log/messages, but I'm sure
there are some.

-- 
Mel

Problem with today's modular software: they start with the modules and never
get to the software part.
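
Added example, not part of the original message or of FreeBSD's periodic scripts: the approach described above, reading kernel lines from the syslog file so the timestamps are kept, then summarising link-state DOWN events per interface. The function names, the short host name `triton` as syslog would write it, the second host `nereid`, and the sample log lines are all constructed for illustration.

```sh
#!/bin/sh
# Added example: not from the original message or FreeBSD's periodic scripts.

# sample_log: constructed syslog lines in /var/log/messages format.
# The last line stands for a remote host logging to the same file.
sample_log() {
    cat <<'EOF'
Oct 27 21:14:03 triton kernel: em0: link state changed to DOWN
Oct 27 21:14:06 triton kernel: em0: link state changed to UP
Oct 27 21:15:10 triton ntpd[701]: time reset +0.412 s
Oct 27 21:20:41 triton kernel: em0: link state changed to DOWN
Oct 27 21:20:44 triton kernel: em0: link state changed to UP
Oct 27 21:21:00 nereid kernel: em0: link state changed to DOWN
EOF
}

# kernel_lines FILE HOST: kernel messages logged by HOST, with the syslog
# timestamp that raw dmesg output lacks. grep -F is the same as fgrep.
kernel_lines() {
    grep -F -- "$2 kernel: " "$1" 2>/dev/null
}

# link_flaps FILE HOST: per interface, count DOWN events and report the
# first and last time one was logged.
link_flaps() {
    kernel_lines "$1" "$2" | awk '
        / link state changed to / && $NF == "DOWN" {
            ifc = $6; sub(/:$/, "", ifc)      # "em0:" -> "em0"
            ts = $1 " " $2 " " $3             # month, day, time
            if (!(ifc in n)) first[ifc] = ts
            n[ifc]++; last[ifc] = ts
        }
        END {
            for (i in n)
                printf "%s down=%d first=%s last=%s\n", i, n[i], first[i], last[i]
        }' | sort
}

# Demo on the constructed sample.
log=$(mktemp "${TMPDIR:-/tmp}/kmsg.XXXXXX") || exit 1
sample_log > "$log"
kernel_lines "$log" triton
link_flaps "$log" triton
rm -f "$log"
```

On a real system, pass /var/log/messages and the host name exactly as syslog writes it.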