PROPOSAL for periodic/security/800.loginfail
Garance A Drosehn
gad at FreeBSD.org
Mon Mar 20 00:07:02 UTC 2006
At 3:09 PM -0800 3/19/06, Darren Pilgrim wrote:
>Garance A Drosehn wrote:
>>
>> When printing the user-specific information, it only prints
>> the second line of "to users: " when there was more than one
>> userid found. If only one userid was found, then it just
>> tacks something like "u: root*3" on the first line.
>
>A common, single-line format would make automated parsing simpler.
>Instead of entries like this:
>
> 5 from 127.0.225.154 @ 14:39 -> 14:40 Dec 28
> to users: root*3 + 1 others
> 3 from 127.0.73.182 @ 21:57 -> 21:58 Dec 26 u: root*3
>
>Do something like this:
>
> 5 from 127.0.225.154 @ 14:39 -> 14:40 Dec 28 to
>users: root*3 + 1 others
> 3 from 127.0.73.182 @ 21:57 -> 21:58 Dec 26 to
>users: root*3
XML would make parsing even easier. That is not meant as a
sarcastic comment, it is just an observation (and one that I
did think about when working on this fmt). In any case, I
wanted to keep the message readable by humans, not by other
scripts. When I'm reading these security emails, I'm always
reading them in an 80-column window. I read them the emails,
I don't have scripts read them. So that's why I wanted to
avoid line wrap.
While I'm sure we can improve on this format if we sat around
and brain-stormed for awhile, I would prefer something like
this for now, just so I have a chance to get it committed
in time for 6.1-release. We can always improve on it later.
And the setup is also flexible enough that anyone can select
a different script if they want a different format.
...Still, I might try something along the lines you suggest,
probably as a selectable option, if I have some time while
cleaning up other details. It might be trivial to support.
--
Garance Alistair Drosehn = gad at gilead.netel.rpi.edu
Senior Systems Programmer or gad at FreeBSD.org
Rensselaer Polytechnic Institute; Troy, NY; USA
More information about the freebsd-current
mailing list