periodic security run output gives false positives after 1 year

Roger Marquis marquis at roble.com
Mon Feb 20 15:53:33 UTC 2012


> The correct format is "2012-02-20T01:23:45.6789+01:00"

You guys are aware that RFC 5424 is a proposed standard I trust?  By
being "proposed" it is not a standard, at least not yet.

Perhaps the differences in human-readability of the proposed timestamp,
or the fact that it has variable field types and lengths, are part of the
reason why it has not been ratified.

Other parts of this particular RFC bring its trustworthiness into
question.  In particular the quote "Research during creation of this
document showed that there is very little in common between different
syslog implementations on different platforms." with no detail on the
so-called "research" methodology.  In my own experience syslog timestamps
are identical across FreeBSD, CentOS, Debian, Ubuntu and Solaris, which
represent well over 99% of the installed base.

Regarding backwards compatibility, I'd be interested in knowing how many
systems, how many logs and how many log-parsing applications those
proposing change are responsible for?  Would not be surprised if, like
others proposing deprecating long-used Unix standards, those advocating
the change are not the ones whose workloads or budgets would be impacted.

Roger
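The two timestamp formats at issue in this thread, parsed side by side as an added Python example (not code from the original post or from FreeBSD): the year-less BSD timestamp has to borrow its year from the time of parsing, which is the ambiguity that surfaces once a log is a year old, while the RFC 5424 form carries its own year and zone. Assumptions: the timestamp is passed in with the rest of the header already stripped, and `now` is a timezone-aware datetime in the log's own local zone.

```python
import re
from datetime import datetime, timedelta, timezone

MONTHS = {m: i for i, m in enumerate(["Jan", "Feb", "Mar", "Apr", "May", "Jun",
                                      "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], 1)}
# Traditional BSD syslog timestamp: month name, space-padded day, time; no year,
# no zone, e.g. "Feb 20 15:53:33".
BSD_TS = re.compile(r"^([A-Z][a-z]{2}) ([ \d]\d) (\d\d):(\d\d):(\d\d)$")
# RFC 5424 TIMESTAMP: full date, optional 1-6 digit fraction, mandatory zone
# ("Z" or +hh:mm / -hh:mm), e.g. "2012-02-20T01:23:45.6789+01:00".
RFC5424_TS = re.compile(r"^(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)"
                        r"(?:\.(\d{1,6}))?(Z|[+-]\d\d:\d\d)$")


def parse_rfc5424(ts):
    """Aware datetime for an RFC 5424 timestamp, or None if it does not match."""
    m = RFC5424_TS.match(ts)
    if not m:
        return None
    y, mon, d, h, mi, s, frac, tz = m.groups()
    if tz == "Z":
        zone = timezone.utc
    else:
        sign = 1 if tz[0] == "+" else -1
        zone = timezone(sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[4:6])))
    micro = int((frac or "").ljust(6, "0"))  # ".6789" -> 678900 microseconds
    return datetime(int(y), int(mon), int(d), int(h), int(mi), int(s), micro, tzinfo=zone)


def parse_bsd(ts, now):
    """Aware datetime for a year-less BSD timestamp, or None if it does not match.

    The year comes from `now` (assumed aware, in the log's local zone), rolled
    back by one if that would put the event in the future (a December line read
    in January).  Anything older than a year aliases onto a recent date: the
    format simply cannot express it, which is what a year-old log run hits."""
    m = BSD_TS.match(ts)
    if not m:
        return None
    mon, d, h, mi, s = MONTHS[m.group(1)], *(int(g) for g in m.groups()[1:])
    when = datetime(now.year, mon, d, h, mi, s, tzinfo=now.tzinfo)
    if when > now + timedelta(days=1):
        when = datetime(now.year - 1, mon, d, h, mi, s, tzinfo=now.tzinfo)
    return when


def parse_syslog_ts(ts, now):
    """Accept either format; raise rather than guess on anything else."""
    when = parse_rfc5424(ts) or parse_bsd(ts, now)
    if when is None:
        raise ValueError("unrecognised syslog timestamp: %r" % ts)
    return when
```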

