Bug 106978
| Summary: | "daily run" incorrectly assumes auth.log is rolled more than once a year | ||
|---|---|---|---|
| Product: | Base System | Reporter: | Edward Speyer <edward.aepeek> |
| Component: | conf | Assignee: | freebsd-bugs (Nobody) <bugs> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | 5.4-RELEASE | ||
| Hardware: | Any | ||
| OS: | Any | ||
Responsible Changed From-To: freebsd-bugs->freebsd-rc reassign to rc team Responsible Changed From-To: freebsd-rc->freebsd-bugs periodic != rc.d State Changed From-To: open->closed Duplicate of conf/70715 |
I got a warning today ("Dec 20", 2006) about someone trying to break into my system on "Dec 19". I was very confused by this until I realised that the log lines in question were from "Dec 19" 2005, not "Dec 19" 2006. I'm guessing the problem here is that the log checkers don't account for the fact that logs don't necessarily roll more than once a year. My auth.log happens to be less than the default rolling size (100k: newsyslog.conf) because this machine is a stable webserver. I only mention this bug because it's rather bad practice to give admins these false alarms! Especially with stuff from auth.log! Fix: Log checkers need to be cleverer about remembering which log lines they've seen before... ..or syslog should include the year in date stamps!