Re: periodic security run output gives false positives after 1 year



So, can't you just do this?

1) Make it an option.
2) If it isn't set, keep the output like it is now.
3) Set it by default in new installs, with a comment above it that it
might break things. That way people upgrading get a warning, too, and
can keep it the way it has been if they'd like.

On Fri, Feb 17, 2012 at 14:48, Roger Marquis <marquis@xxxxxxxxx> wrote:
On Fri, 17 Feb 2012, Sergey Kandaurov wrote:

Problem with that would be backwards compatibility, and it's not IMO
worth breaking everyone's syslog parsing scripts to fix an issue that
really isn't due to the date format as much as it is to log rotation.


That is not a showstopper. Nothing prevents to merge both formats in one
daemon and introduce a new syslogd option to choose the desired format.


That would be more of a Linux than BSD way of doing things i.e.,
deprecating the existing format without giving full consideration to the
effects on SA scripts and monitoring software, some of which is hardcoded
and difficult to change without breaking more than it fixes.  The current
syslog syntax timestamp has been reliable now for what, 25+ years?  I
don't personally see any measurable ROI from changing it.  YMMV of
course.

Roger Marquis

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



--
Mike Kelly
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages