Re: periodic security run output gives false positives after 1 y

--zhXaljGHf11kAtnf
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Feb 18, 2012 at 04:35:20PM -0500, Robert Simmons wrote:
> On Fri, Feb 17, 2012 at 6:56 PM, Roger Marquis <marquis@roble.com> wrote:
> > I don't personally recall a time when everything else wasn't logging the
> > year, in one format or another. =A0That's not to imply that syslogs
> > shouldn't be distinguishable by year but the question seems to be where
> > the year should be logged, A) on every line or B) in the archive file
> > name.
>=20
> There already is a standard, RFC 5424:
> freebsd-security@freebsd.org
>=20
> You are asking, should we make our own decision to do this totally
> differently than the standard set in that RFC, or should be implement
> that RFC?
>=20
> Another option is to do nothing and stick with the way it is.
>=20
> I think the way to proceed would be to implement RFC 5424, and have it
> as a switch in rc.conf, something like:
>=20
> syslogd_flags=3D"-x"
> where x is the new switch that would enable RFC5424 style logging.

How about a environment variable that login.conf could be adjusted for
so in-case something else wants to benefit from similiar behavior it can
just look for that too ? Similiar to how BLOCKSIZE works. After all this
is an environmental change.

>=20
> This would be optional for now.  Then with FreeBSD 10, 5424 would
> become the default with the option now being a flag -y to enable old
> style logging for backwards compatibility.
>=20
> > I suspect it was not common practice to leave logs on the server for mo=
re
> > than a year when Allman originally wrote syslog, and I have not seen an
> > environment where logs are left in /var/log for over a year. =A0Persona=
lly,
> > I would rather see FreeBSD stay backwards compatible and A) leave the
> > syslog timestamp format alone instead opting for KIS by simply writing
> > the year in the archive file name rather than wasting 5 bytes on every
> > line of every syslog log file. =A0YMMV.
>=20
> It really shouldn't be a common practice, but we live in a world where
> governments are forcing data retention laws.  In is an unfortunate
> reality that needs to be dealt with.
> http://en.wikipedia.org/wiki/Telecommunications_data_retention
>=20
> Also, I'm not sure I follow the logic behind some of the people on
> this list saying not to implement this at all.  It should be an option
> for now, then the default on the other side of a major OS version with
> the old way then available as an option.  This seems the most rational
> path to take.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or=
g"

--=20
;s =3D;

--zhXaljGHf11kAtnf
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iQEcBAEBAgAGBQJPQHnEAAoJEJBXh4mJ2FR++IkH/0eNNNZ3ahksXxIPck51/neP
UQh2zMJdZv6JKjfOYw9f2Ep+kdJBMyHRwqvPbV9D65tZeJc4bC/u6hQYsO/wEs0N
WVeg0iCLHRLYV6UeTr7z5sdJHkhThNaKPGUBfjdiB7VEhydmTpwIUyjcf2JBv6Y0
bQMCQoU7T8SjZLIbzL0Ol/5ZbKEOfYAwvgCM0lDMjsW8LFTyRmTEyssQiUu4v0zb
A3BOzoTyfABjOSyve42JwQc64sDEzAWk3u29qU16rruYnA0li8U+DZtO5bR8QwZI
Ze4c5+Ntj9Ucmp/L3vZMSqoAG0V2aHL3LoqJigaxOHrQHJHu38b3tW/Brvmv/7M=
=UBAM
-----END PGP SIGNATURE-----

--zhXaljGHf11kAtnf--