periodic security run output gives false positives after 1 year

Martin Schütte lists at mschuette.name
Fri Feb 17 12:40:12 UTC 2012


On 02/16/2012 08:08 PM, Sergey Kandaurov wrote:
> 5424 yet. An almost complete implementation was done in NetBSD in
> that regard in 2008. NetBSD before the RFC 5424 changes had a pretty
> similar syslogd source, so if one could analyze and port those
> changes to FreeBSD, that would be pretty nice.

I implemented this and if anyone is interested I would be glad to help
with it. So far I just did not find the time to continue development
or even a FreeBSD port on my own (finishing university, looking for a
job, etc). -- The code is in NetBSD-Current and my own development
repository is now online at https://github.com/mschuett/nbsd-syslog

With regard to porting, the biggest difference between systems is the
libevent library, which is included in NetBSD and used in syslogd(8).

The main "problem" with the IETF/NetBSD syslogd(8) is that it does not
only change the message/protocol format, but at the same time implements
TLS communication and digital signatures. -- In combination these
functions really add size and complexity to the code.

To improve things I wonder if syslogd(8) could be restructured into a
plugin-based architecture. That might keep the different logging targets
(files, console, UDP, TLS) and optional features (new/old format,
signatures) separate and simpler. Of course only if it is simple enough
not to add yet another layer of overhead and complexity.

- -- 
Martin Schütte