Hi, I have a question about the new ANF feature.
Here are the relevant parts of the configuration:

Binlib = n+p+i+u+g+s+b+m+c+md5+sha1+rmd160+haval+gost+crc32+tiger
StaticDir = n+p+i+u+g
Logs = n+p+u+g+S
LowLogs = n+p+u+g
RotatedLogs = I+n+p+i+u+g+s+b+m+md5+sha1+rmd160+haval+gost+crc32+tiger

/ Binlib
!/var$
/var/ Binlib
=/var/log$ StaticDir
/var/log/syslog/syslog$ Logs
/var/log/syslog/(syslog|auth\.log)$ Logs
/var/log/syslog/(syslog|auth\.log)\.1$ LowLogs
/var/log/syslog/(syslog|auth\.log)\.2\.gz$ RotatedLogs+ANF
/var/log/syslog/(syslog|auth\.log)\.[0-9]{1,3}\.gz$ RotatedLogs

With that configuration, I get the following output on the second day /var/log/syslog/syslog being rotated and aide running:

File /var/log/syslog/syslog.2.gz in databases has different attributes, 403177277,134741821
added:/var/log/syslog/syslog.2.gz

The database compared against looks like:

@@db_spec name lname attr perm bcount uid gid size mtime ctime inode lcount md5 sha1 rmd160 tiger crc32 haval gost
/var/log 0 4029 40755 8 0 0 4096 MTEzMDgyODU4OA== MTEzMDgyODU4OA== 197 16 0 0 0 0 0 0 0
/var/log/syslog 0 4029 40755 8 0 0 4096 MTEzMTYwNjM0Mw== MTEzMTYwNjM0Mw== 388 2 0 0 0 0 0 0 0
/var/log/syslog/syslog 0 67110941 100640 0 0 4 42570 0 0 0 1 0 0 0 0 0 0 0
/var/log/syslog/syslog.1 0 2077 100640 0 0 4 0 0 0 0 1 0 0 0 0 0 0 0
/var/log/syslog/syslog.2.gz 0 403177277 100640 40 0 4 17524 MTEzMTUxOTc4Mg== 0 7 65 1 tWS1CQfxvI7BKgqvlkebeQ== LlAfD3TmPdHUj3Sy6Ln1E2MnitI=xyuzWqGlUxbSI4s+yRiTtsV3Uhk= qBdSkG2K6nYbkvSlzJCf9uIHlzLE/HEg V2FDjA== JeeKin7t4v8s16ItQPIzJI4k08/Jsq KW++9AEI6eJgY= oyTSKzS1x+lQ2dwefc4zHm/Y+z/fXJXi4+r+DoA7ZDc=
/var/log/syslog/syslog.3.gz 0 134741821 100640 40 0 4 18642 MTEzMTQzMzM4OQ== 0 7 53 1 0XcIIKGnodvDIj3h7UrK0A== aoEeoO4HPYsPgOMjzbh8asqrHak= TExjb2rnJeltrq2LT1oSx /3ILlo= 3hRlPJGONeWUoNGjWY6juE9hreWTxtJT scsYRA== jmm/cVx47PmNITz3beeSnGg6mK5Uhz xobbXS1nQuBk4= l/rDQI+Ug5bnxoo/g4yMTlw8WWDtP5PeuMxPVNl/ns0=
/var/log/syslog/syslog.4.gz 0 134741821 100640 40 0 4 18717 MTEzMTM0NzA0Mg== 0 7 23 1 g/wrQBdOeJ9EMASV4Rn8nw== PQVRp/NKjl9wdAH3eF2d8zzQlY8= pDblcEDqiF0T3m0/0cABK 8+kUeM= kzBcsyea0/Fwx6+IDct6DEwT0mIvx1vV yjahOQ== gWSeu0YGSrwX+CZzI5JviOPSr1VjrP COwnTfUAXavC4= 4wu9sIdmh0ZP1uiCOH10QkE59NdoKxJdgf2e22QWgHs=

Any idea why my ANF clause doesn't keep syslog.2.gz from being listed as "added"?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

_______________________________________________
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide