Bug 18587

Summary: /etc/security: improve the dmesg diff output
Product: Base System
Reporter: ls <ls>
Component: bin
Assignee: Brian Somers <brian>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.0-STABLE   
Hardware: Any   
OS: Any   
Attachments: file.diff (flags: none)

Description ls 2000-05-16 08:10:05 UTC
	Since the dmesg output doesn't contain the date and time of the event,
	it can contain a lot of equal entries (esp. when you run ipfw
	with logging).

How-To-Repeat: 
	$ dmesg | sort | uniq -c | sort -nr | head

Comment 1 alex 2000-05-16 12:44:17 UTC
Thus spake ls@gambit.msk.su (ls@gambit.msk.su):

> 	Since the dmesg output doesn't contain the date and time of the event,
> 	it can contain a lot of equal entries (esp. when you run ipfw
> 	with logging).

> 	$ dmesg | sort | uniq -c | sort -nr | head

What about recently booted systems?

Alex

-- 
I need a new ~/.sig.

Comment 2 ls 2000-05-16 13:04:15 UTC
> Thus spake ls@gambit.msk.su (ls@gambit.msk.su):

> > 	Since the dmesg output doesn't contain the date and time of the event,
> > 	it can contain a lot of equal entries (esp. when you run ipfw
> > 	with logging).

> > 	$ dmesg | sort | uniq -c | sort -nr | head

On Tue, May 16, 2000 at 01:44:17PM +0200, Alexander Langer wrote:
> What about recently booted systems?

Some recently booted systems will not have duplicated lines, so the new
and old output will differ only in the order of lines.

How many of us boot just before the daily cron job?

Comment 3 alex 2000-05-16 13:19:04 UTC
Thus spake Sergei Laskavy (ls@Gambit.Msk.SU):

> > > 	$ dmesg | sort | uniq -c | sort -nr | head
> Some recently booted systems will not have duplicated lines, so the new
> and old output will differ only in the order of lines.

Yes. Bad.

> How many of us boot just before the daily cron job?

True.

Alex

-- 
I need a new ~/.sig.

Comment 4 Leo Bicknell 2001-07-11 02:08:31 UTC
Isn't this all unreliable anyway?  Since the buffer is of fixed size
it can easily be rolled over in 24 hours by log_in_vain, icmp_bandlim,
ipfw, or a simple full file system for a while.  Any way you slice
it what's really needed is a way to log all of this data into a file,
where the security script can do better post processing.  

That said, doesn't:

	diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>" | uniq -c

get you most of the way there, and keep the order?  I think most duplicates show up
in a row, not scattered about.

-- 
Leo Bicknell - bicknell@ufp.org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
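
The two pipelines discussed in this thread, run side by side on constructed input. This is an added example, not part of the bug report, its attached patch, or /etc/security; the function names, file names and sample kernel messages are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample data (not from the bug report): yesterday's saved
# dmesg.today and the current kernel message buffer.
old_dmesg() {
cat <<'EOF'
fxp0: link state changed to UP
ipfw: 100 Deny TCP 192.0.2.7:4431 198.51.100.2:23 in via fxp0
EOF
}

new_dmesg() {
old_dmesg
cat <<'EOF'
ipfw: 200 Deny UDP 203.0.113.9:53 198.51.100.2:1024 in via fxp0
ipfw: 200 Deny UDP 203.0.113.9:53 198.51.100.2:1024 in via fxp0
ipfw: 200 Deny UDP 203.0.113.9:53 198.51.100.2:1024 in via fxp0
pid 412 (httpd), uid 80: exited on signal 11
ipfw: 200 Deny UDP 203.0.113.9:53 198.51.100.2:1024 in via fxp0
ipfw: 200 Deny UDP 203.0.113.9:53 198.51.100.2:1024 in via fxp0
EOF
}

# Comment 4's pipeline (grep -E stands in for egrep): new lines stay in
# buffer order, and only adjacent repeats are collapsed.
new_lines_in_order() {
    diff -b "$1" "$2" | grep -E '^>' | uniq -c
}

# The description's sort | uniq -c | sort -nr applied to the same new
# lines: every repeat is merged, but event order is lost.
new_lines_by_count() {
    diff -b "$1" "$2" | grep -E '^>' | sort | uniq -c | sort -nr
}

tmp=$(mktemp -d) || exit 1
trap 'rm -rf "$tmp"' EXIT
old_dmesg > "$tmp/dmesg.today"
new_dmesg > "$tmp/dmesg.now"

echo "== buffer order, adjacent repeats collapsed =="
new_lines_in_order "$tmp/dmesg.today" "$tmp/dmesg.now"
echo "== ranked by count, order lost =="
new_lines_by_count "$tmp/dmesg.today" "$tmp/dmesg.now"
```

On this input the order-preserving form reports the ipfw line twice (3 and 2), because the httpd crash sits between the two runs, while the sorted form reports it once with a count of 5.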

Comment 5 Johan Karlsson freebsd_committer freebsd_triage 2002-08-19 20:07:17 UTC
Responsible Changed
From-To: freebsd-bugs->brian

Over to our periodic guru.

Comment 6 Brian Somers freebsd_committer freebsd_triage 2004-06-29 11:09:29 UTC
State Changed
From-To: open->closed

I'm afraid I can't see why running output through uniq -c or various 
invocations of sort would improve the output...