Roger Marquis wrote:
The current syslog syntax timestamp has been reliable now for what, 25+
years? I don't personally see any measurable ROI from changing it.
YMMV of
course.
It is similar to y2k problem and dates with YY format instead of YYYY
- it was fine for many years...
Is it? If I recall Y2K had more to do with 2 digit year fields that should
have been 4 digit.
But did you noticed, that almost everything else is already logging
with year in date?
I don't personally recall a time when everything else wasn't logging the
year, in one format or another. That's not to imply that syslogs
shouldn't be distinguishable by year but the question seems to be where
the year should be logged, A) on every line or B) in the archive file
name.
The problem is, that filename can be easily changed by mistake and then
you can't tell, what date you have stored in file.
I suspect it was not common practice to leave logs on the server for more
than a year when Allman originally wrote syslog, and I have not seen an
environment where logs are left in /var/log for over a year. Personally,
I would rather see FreeBSD stay backwards compatible and A) leave the
syslog timestamp format alone instead opting for KIS by simply writing
the year in the archive file name rather than wasting 5 bytes on every
line of every syslog log file. YMMV.
I understand your point of view, but very little in FreeBSD is (and will
be forever) backward compatible. It is an evolution.
And if we are talking about space - FreeBSD installation doesn't fit
floppy disk drive for a long time :)
Just for curiosity - logs are stored mostly in compressed state and
there is almost no difference in size of compressed file if there is
four digits year or not.
I did a quick test where I changed "Feb 15 01:52:06" to
"2012-02-15 01:52:06" format.
2.8M auth.log.orig
3.0M auth.log.newdate
284K auth.log.orig.gz
284K auth.log.newdate.gz
76K auth.log.orig.bz2
78K auth.log.newdate.bz2
As you can see, there is 0.2M difference in plain text, but with gzip,
there is no difference, with bzip2 there is only 2KB more.
Again - I understand your view, but I still think that using new ISO
date format is an improvement.
Cheers,
Miroslav Lachman
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
