Misleading security message output
Andrew Reilly
andrew-freebsd at areilly.bpc-users.org
Thu Apr 21 16:52:21 PDT 2005
On Mon, Apr 18, 2005 at 10:54:20AM +0900, Joel wrote:
> The first question that comes to mind: do you really need logs from a
> year back?
Nope. Should I need to tweak the default config files to ensure
that I don't get them?
> Maybe it's because I'm such a newb, but I'm wondering which program has
> what bug? Is it that the default configuration files for the login logs
> don't put an age limit on the rotation? Is it that the log lines don't
> contain a full 4-digit year in the timestamp? Or is it that the
> logscraper doesn't know to check the age of a log file, or doesn't know
> to work on the tail of the log?
The bug is in the security logscraper script, because it
presented a log entry from a year ago as something that happened
yesterday. The proximate cause of the bug is that the log
files don't contain a year as part of the date format. The
easy work-around is to include timed rotation as part of the
standard configuration so that the lack of a year in the logfile
date format does not expose the bug in the script. There are
two plausible "real fixes" for the bug: 1) use a backup+diff
scheme to find "yesterday's log messages" -- this is what NetBSD
does, or 2) change the syslog daemon to include the year in the
logfile date stamp -- this is what daemontools' multilog does.
Option 2 is likely to be difficult to roll into the standard
because it would almost certainly break third-party logfile
scrapers.
Cheers,
--
Andrew
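
The failure mode and the backup+diff fix described in the message above, as an added shell sketch that is not part of the original post and is not the FreeBSD or NetBSD script itself. The function names, file paths and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: function names, paths and log lines are all constructed.

# Write a constructed log that was never rotated: the first entry is from
# 20 Apr of the previous year, the last from 20 Apr of this year. Classic
# syslog timestamps carry no year, so both have the same "Apr 20" prefix.
make_sample_log() {   # $1 = output file
    cat > "$1" <<'EOF'
Apr 20 03:12:01 host login: 2 LOGIN FAILURES ON ttyv0
Jan  7 09:30:44 host login: ROOT LOGIN (root) ON ttyv0
Apr 20 22:41:17 host sshd[812]: Failed password for admin from 192.0.2.7
EOF
}

# Naive scraper: select "yesterday's" lines by their month/day prefix.
# The year-old entry matches too and is reported as if it were new.
naive_scrape() {      # $1 = log file, $2 = yesterday as "Mon DD"
    grep "^$2 " "$1" | grep -i 'fail' || true   # no match is not an error
}

# Backup+diff: compare the log with the copy saved by the previous run and
# report only lines that were added since, whatever their timestamp says.
# On the very first run the snapshot is empty, so every line counts as new.
diff_scrape() {       # $1 = log file, $2 = snapshot from the previous run
    [ -f "$2" ] || : > "$2"
    diff "$2" "$1" | sed -n 's/^> //p' | grep -i 'fail' || true
    cp "$1" "$2"      # becomes the baseline for the next run
}

# Demo on the constructed log.
tmp=$(mktemp -d)
make_sample_log "$tmp/auth.log"
head -n 2 "$tmp/auth.log" > "$tmp/auth.prev"   # state left by the previous run
echo "naive scraper reports:"; naive_scrape "$tmp/auth.log" "Apr 20"
echo "backup+diff reports:";   diff_scrape  "$tmp/auth.log" "$tmp/auth.prev"
rm -rf "$tmp"
```
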