Misleading security message output

Andrew Reilly andrew-freebsd at areilly.bpc-users.org
Thu Apr 21 16:52:21 PDT 2005

On Mon, Apr 18, 2005 at 10:54:20AM +0900, Joel wrote:
> The first question that comes to mind: do you really need logs from a
> year back? 

Nope.  Should I need to tweak the default config files to ensure
that I dont get them?

> Maybe it's because I'm such a newb, but I'm wondering which program has
> what bug? Is it that the default configuration files for the login logs
> doesn't put on age limit on the rotation? Is it that the log lines don't
> conain a full 4-digit year in the timestamp? Or is it that the
> logscraper doesn't know to check the age of a log file, or doesn't know
> to work on the tail of the log?

The bug is in the security logscraper script, because it
presented a log entry from a year ago as something that happened
yesterday.  The proximate cause of the bug is that the log
files don't contain a year as part of the date format.  The
easy work-around is to include timed rotation as part of the
standard configuration so that the lack of a year in the logfile
date format does not expose the bug in the script.  There are
two plausible "real fixes" for the bug: 1) use a backup+diff
scheme to find "yesterday's log messgaes" -- this is what NetBSD
does, or 2) change the syslog daemon to include the year in the
logfile date stamp -- this is what daemontools' multilog does.
Option 2 is likely to be difficult to roll into the standard
because it would almost certainly break third-party logfile



More information about the freebsd-stable mailing list