I had an interesting experience, this morning. The nightly security message from a CVS server machine that runs a version of FreeBSD-4 had arrived, and it claimed that someone who hadn't done any work for us for some considerable time had had three failed login attempts, late that night. Curious.
After much hunting around, and checking perimeter logs, it turned out that nothing of the sort had happened. The security log script had been fooled by the age of the messages.0.gz file, which contained messages from more than a year ago. The search pattern "$yesterday" doesn't contain a year, because log file timestamps don't contain years.

The log file was so old because rotation is determined by size, and this machine simply doesn't have much to log, despite being used daily. It never goes down, and is basically completely stable.

This could be avoided, perhaps, with a NetBSD-style backup/diff mechanism, or (incompatibly) with daemontools/multilog-style 64-bit time stamps in the log files. It can be worked around by forcing faster log-file rotations, now that I know about the problem. I can't think of a really good widely-applicable solution, using the existing framework, though. Suggestions?

-- 
Andrew

freebsd-stable mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
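The false alarm described in the message above, reproduced as an added example that is not part of the original post or of FreeBSD's periodic scripts: a year-less prefix match next to a filter that recovers each line's year by walking backwards from the rotated file's last-write time. It assumes lines are in chronological order and that the file's mtime bounds the newest entry; the function names, sample log lines and dates are constructed for illustration.

```python
import datetime as dt
import re

MON = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
STAMP = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) ")
SLACK = dt.timedelta(minutes=5)  # tolerate slightly out-of-order lines

# Constructed sample: a size-rotated messages file spanning more than a year.
SAMPLE = [
    "Dec 30 10:00:00 cvs su: alice to root on /dev/ttyp0",
    "Mar  3 23:41:07 cvs sshd[412]: Failed password for olduser from 192.0.2.10",
    "Mar  3 23:41:15 cvs sshd[412]: Failed password for olduser from 192.0.2.10",
    "Nov 10 02:00:00 cvs newsyslog[88]: logfile turned over",
    "Feb 14 08:59:58 cvs sshd[977]: Accepted password for alice from 192.0.2.5",
]
LAST_WRITE = dt.datetime(2004, 2, 14, 9, 0, 0)  # assumed mtime of that file

def naive_matches(lines, day):
    """What a year-less "^$yesterday" prefix match selects."""
    prefix = f"{MON[day.month - 1]} {day.day:2d} "
    return [l for l in lines if l.startswith(prefix)]

def with_years(lines, last_write):
    """Pair each line with a full datetime, newest line first, years inferred."""
    out, year, bound = [], last_write.year, last_write
    for line in reversed(lines):
        m = STAMP.match(line)
        if not m or m.group(1) not in MON:
            continue
        fields = [MON.index(m.group(1)) + 1] + [int(g) for g in m.groups()[1:]]
        # Step the year down until the stamp no longer lies after its successor.
        for y in range(year, year - 9, -1):
            try:
                ts = dt.datetime(y, *fields)
            except ValueError:  # e.g. Feb 29 in a non-leap year
                continue
            if ts <= bound + SLACK:
                out.append((ts, line))
                year, bound = y, ts
                break
    return out[::-1]

def dated_matches(lines, last_write, day):
    """Lines that really were logged on `day`, year included."""
    return [l for ts, l in with_years(lines, last_write) if ts.date() == day]
```

Run on 4 March 2004, the prefix match reports the two year-old failures as last night's, while the dated filter reports none.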
