On Sat, Feb 18, 2012 at 04:35:20PM -0500, Robert Simmons wrote: > On Fri, Feb 17, 2012 at 6:56 PM, Roger Marquis <marq...@roble.com> wrote: > > I don't personally recall a time when everything else wasn't logging the > > year, in one format or another. That's not to imply that syslogs > > shouldn't be distinguishable by year but the question seems to be where > > the year should be logged, A) on every line or B) in the archive file > > name. > > There already is a standard, RFC 5424: > freebsd-security@freebsd.org > > You are asking, should we make our own decision to do this totally > differently than the standard set in that RFC, or should be implement > that RFC? > > Another option is to do nothing and stick with the way it is. > > I think the way to proceed would be to implement RFC 5424, and have it > as a switch in rc.conf, something like: > > syslogd_flags="-x" > where x is the new switch that would enable RFC5424 style logging.
How about a environment variable that login.conf could be adjusted for so in-case something else wants to benefit from similiar behavior it can just look for that too ? Similiar to how BLOCKSIZE works. After all this is an environmental change. > > This would be optional for now. Then with FreeBSD 10, 5424 would > become the default with the option now being a flag -y to enable old > style logging for backwards compatibility. > > > I suspect it was not common practice to leave logs on the server for more > > than a year when Allman originally wrote syslog, and I have not seen an > > environment where logs are left in /var/log for over a year. Personally, > > I would rather see FreeBSD stay backwards compatible and A) leave the > > syslog timestamp format alone instead opting for KIS by simply writing > > the year in the archive file name rather than wasting 5 bytes on every > > line of every syslog log file. YMMV. > > It really shouldn't be a common practice, but we live in a world where > governments are forcing data retention laws. In is an unfortunate > reality that needs to be dealt with. > http://en.wikipedia.org/wiki/Telecommunications_data_retention > > Also, I'm not sure I follow the logic behind some of the people on > this list saying not to implement this at all. It should be an option > for now, then the default on the other side of a major OS version with > the old way then available as an option. This seems the most rational > path to take. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org" -- ;s =;
pgpBZkK3rmUTo.pgp
Description: PGP signature
