periodic security run output gives false positives after 1 year
Miroslav Lachman
000.fbsd at quip.cz
Fri Feb 17 23:25:00 UTC 2012
Roger Marquis wrote:
> On Fri, 17 Feb 2012, Sergey Kandaurov wrote:
>>> Problem with that would be backwards compatibility, and it's not IMO
>>> worth breaking everyone's syslog parsing scripts to fix an issue that
>>> really isn't due to the date format as much as it is to log rotation.
>>
>> That is not a showstopper. Nothing prevents to merge both formats in one
>> daemon and introduce a new syslogd option to choose the desired format.
>
> That would be more of a Linux than BSD way of doing things i.e.,
> deprecating the existing format without giving full consideration to the
> effects on SA scripts and monitoring software, some of which is hardcoded
> and difficult to change without breaking more than it fixes. The current
> syslog syntax timestamp has been reliable now for what, 25+ years? I
> don't personally see any measurable ROI from changing it. YMMV of
> course.
It is similar to y2k problem and dates with YY format instead of YYYY -
it was fine for many years...
But did you noticed, that almost everything else is already logging with
year in date?
Miroslav Lachman
More information about the freebsd-security
mailing list