Date: Thu, 6 Jul 2006 15:20:44 GMT
From: Anton Korotin
To: freebsd-gnats-submit@FreeBSD.org
Subject: conf/99844: incorrect default newsyslog.conf settings

>Number: 99844
>Category: conf
>Synopsis: incorrect default newsyslog.conf settings
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 06 15:30:16 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Anton Korotin
>Release: FreeBSD 6.1-RELEASE i386
>Organization:
>Environment:
FreeBSD delta2.ripn.net 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May 7 04:42:56 UTC 2006 root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP i386
>Description:
The problem is a combination of two facts:

1) According to the default newsyslog.conf settings, some log files are rotated only by size, on reaching the 100K size limit.
2) syslogd has a hard-coded format for writing the date into log files. The year is not included and hence can't be written into logs.

The problem appears when the log file grows slower than 100K per year. In this case it becomes hard (or even impossible) to distinguish records created on the same day but in different years.

One visible effect is 'false positives' from the /etc/periodic/security/800.loginfail script, which analyses the /var/log/auth.log file and may report events that happened one or more years ago, while it is expected to report only 'yesterday' login failures, as its result is included in daily security reports.
>How-To-Repeat:
>Fix:
Variants are:

a) teach syslogd to write the date in log files with the year value
b) rotate log files at least once a year regardless of their sizes
>Release-Note:
>Audit-Trail:
>Unformatted:
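
The ambiguity described in the report, shown as an added example (not part of the original PR and not FreeBSD code): a year-less date match over a slowly growing log returns an entry from a previous year, and the year can only be recovered by inference from line order. The log lines are constructed, the function names are hypothetical, and the inference assumes chronological order and a known year for the last line.

```python
from datetime import date, datetime

# Constructed sample (oldest first) of an auth.log that grows far less than
# 100K per year; syslogd's timestamp has month, day and time but no year.
SAMPLE_LOG = """\
Jul  5 03:12:44 host sshd[411]: Failed password for root from 192.0.2.10
Dec 30 22:01:09 host sshd[873]: Accepted publickey for admin from 192.0.2.7
Jul  5 09:30:01 host sshd[1290]: Failed password for admin from 192.0.2.33
Jul  6 08:15:27 host sshd[1302]: Accepted publickey for admin from 192.0.2.7
""".splitlines()


def naive_matches(lines, day):
    """Year-less match: every line whose 'Mon dd' prefix equals `day`."""
    prefix = f"{day:%b} {day.day:2d} "
    return [line for line in lines if line.startswith(prefix)]


def infer_years(lines, newest_year):
    """Return [((year, month, day), line), ...] with an inferred year.

    Assumption: lines are in chronological order and the last one was written
    in `newest_year`. Walking backwards, an entry that sits later in the
    calendar than its successor must come from the previous year.
    """
    dated, year, later = [], newest_year, None
    for line in reversed(lines):
        # Parse against leap year 2000 so that 'Feb 29' is accepted.
        ts = datetime.strptime("2000 " + line[:15], "%Y %b %d %H:%M:%S")
        key = (ts.month, ts.day, ts.hour, ts.minute, ts.second)
        if later is not None and key > later:
            year -= 1
        later = key
        dated.append(((year, ts.month, ts.day), line))
    return dated[::-1]


def year_aware_matches(lines, day, newest_year):
    """Lines written on `day`, using the inferred year as well."""
    wanted = (day.year, day.month, day.day)
    return [l for ymd, l in infer_years(lines, newest_year) if ymd == wanted]


if __name__ == "__main__":
    yesterday = date(2006, 7, 5)  # constructed "yesterday" for the sample
    print("year-less match:", naive_matches(SAMPLE_LOG, yesterday))
    print("year-aware match:", year_aware_matches(SAMPLE_LOG, yesterday, 2006))
```

The inference misses a year boundary whenever two consecutive entries are more than a year apart without the calendar position moving backwards, which is the "impossible" case the description mentions.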