Date: Mon, 18 Apr 2005 08:53:47 +1000
From: Andrew Reilly
To: Joshua Tinnin
cc: freebsd-stable@freebsd.org
Subject: Re: Misleading security message output
Message-ID: <20050417225347.GA9600@gurney.reilly.home>
In-Reply-To: <200504170655.27864.krinklyfig@spymac.com>

On Sun, Apr 17, 2005 at 06:55:27AM -0700, Joshua Tinnin wrote:
> On Wed 13 Apr 05 19:59, Andrew Reilly
> > This could be avoided, perhaps, with a NetBSD-style backup/diff
> > mechanism, or (incompatibly) with daemontools/multilog-style
> > 64-bit time stamps in the log files.  It can be worked-around
> > by forcing faster log-file rotations, now that I know about
> > the problem.  I can't think of a really good widely-applicable
> > solution, using the existing framework, though.
>
> I'm not quite sure what you mean. Do you want a way to have the
> timestamp record the year as well, so that you can keep the default
> setting?

That'd be one way to do it.  Multilog, in the daemontools package
gives log messages a timestamp that (implicitly) includes the date.
The NetBSD method, of keeping a "yesterday" backup of the log files,
and diffing against the "now" versions avoids the problem by making
the search for "stuff that happened since the last log e-mail"
explicit.

I don't much mind how the bug is fixed.  It would be nice, I think,
if the bug fix didn't amount to a documentation addition along the
lines of "in order for the nightly security messages to work
properly, you must tune the log-file rotation period so that log
files are rotated at least once per year.  See newsyslog.conf(5)."

A reasonable bug-fix could be to add a when value of $ML to the
/var/log/messages line of the default /etc/newsyslog.conf.  On most
machines that will have no effect, because rotation will still be
triggered by the size field.  It will just make the logic in the
nightly security script correct.

Cheers,

-- 
Andrew
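
The ambiguity discussed in this message, as an added example that is not part of the original e-mail or of FreeBSD's periodic scripts. It assumes the nightly report selects lines by a year-less "Mon DD " prefix and contrasts that with a NetBSD-style comparison against yesterday's backup copy; the log lines, host name, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a log file that has not been rotated for over a year.
# Syslog timestamps carry no year, so line 1 (written a year earlier) is
# indistinguishable by date from line 4 (written yesterday).
sample_log() {
cat <<'EOF'
Apr 16 03:12:45 host sshd[411]: Failed password for root from 192.0.2.10
Jun  2 11:40:02 host su: BAD SU andrew to root on /dev/ttyp1
Apr 15 23:58:10 host sshd[9120]: Failed password for admin from 192.0.2.77
Apr 16 09:30:21 host sshd[9377]: Failed password for root from 198.51.100.5
EOF
}

# Assumed matching style: pick "yesterday's" lines by their "Mon DD " prefix.
# Prints the number of failure lines that would land in the report.
match_by_date() {    # $1 = date prefix, e.g. "Apr 16 "
    sample_log | grep -c "^$1.*Failed"
}

# NetBSD-style alternative: keep the copy saved at the previous report and
# count only the failure lines appended since then.
new_since_backup() { # $1 = backup copy, $2 = current log
    diff "$1" "$2" | sed -n 's/^> //p' | grep -c "Failed"
}

# Builds both files in a scratch directory and prints "<by_date> <by_diff>".
demo() {
    tmp=$(mktemp -d) || return 1
    # Backup taken at the previous nightly run: everything but the last line.
    sample_log | head -n 3 > "$tmp/messages.yesterday"
    sample_log > "$tmp/messages"
    by_date=$(match_by_date "Apr 16 ")
    by_diff=$(new_since_backup "$tmp/messages.yesterday" "$tmp/messages")
    rm -rf "$tmp"
    echo "$by_date $by_diff"
}

demo
```

The date-prefix match reports the year-old failure alongside yesterday's, while the backup comparison reports only the line appended since the previous run.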