On Mon, Apr 18, 2005 at 10:54:20AM +0900, Joel wrote: > The first question that comes to mind: do you really need logs from a > year back?
Nope. Should I need to tweak the default config files to ensure that I dont get them? > Maybe it's because I'm such a newb, but I'm wondering which program has > what bug? Is it that the default configuration files for the login logs > doesn't put on age limit on the rotation? Is it that the log lines don't > conain a full 4-digit year in the timestamp? Or is it that the > logscraper doesn't know to check the age of a log file, or doesn't know > to work on the tail of the log? The bug is in the security logscraper script, because it presented a log entry from a year ago as something that happened yesterday. The proximate cause of the bug is that the log files don't contain a year as part of the date format. The easy work-around is to include timed rotation as part of the standard configuration so that the lack of a year in the logfile date format does not expose the bug in the script. There are two plausible "real fixes" for the bug: 1) use a backup+diff scheme to find "yesterday's log messgaes" -- this is what NetBSD does, or 2) change the syslog daemon to include the year in the logfile date stamp -- this is what daemontools' multilog does. Option 2 is likely to be difficult to roll into the standard because it would almost certainly break third-party logfile scrapers. Cheers, -- Andrew _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
