Misleading security message output
Andrew Reilly
andrew-freebsd at areilly.bpc-users.org
Sun Apr 17 15:53:52 PDT 2005
On Sun, Apr 17, 2005 at 06:55:27AM -0700, Joshua Tinnin wrote:
> On Wed 13 Apr 05 19:59, Andrew Reilly
> > This could be avoided, perhaps, with a NetBSD-style backup/diff
> > mechanism, or (incompatibly) with daemontools/multilog-style
> > 64-bit time stamps in the log files. It can be worked-around
> > by forcing faster log-file rotations, now that I know about
> > the problem. I can't think of a really good widely-applicable
> > solution, using the existing framework, though.
>
> I'm not quite sure what you mean. Do you want a way to have the
> timestamp record the year as well, so that you can keep the default
> setting?
That'd be one way to do it. Multilog, in the daemontools
package gives log messages a timestamp that (implicitly)
includes the date. The NetBSD method, of keeping a "yesterday"
backup of the log files, and diffing against the "now" versions
avoids the problem by making the search for "stuff that happened
since the last log e-mail" explicit. I don't much mind how the
bug is fixed. It would be nice, I think, if the bug fix didn't
amount to a documentation addition along the lines of "in order
for the nightly security messages to work properly, you must
tune the log-file rotation period so that log files are rotated
at least once per year. See newsyslog.conf(5)."
A reasonable bug-fix could be to add a when value of $ML to the
/var/log/messages line of the default /etc/newsyslog.conf. On
most machines that will have no effect, because rotation will
still be triggered by the size field. It will just make the
logic in the nightly security script correct.
Cheers,
--
Andrew
More information about the freebsd-stable
mailing list