Re: [CentOS] Year in log files
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Fajar Priyanto Sent: Wednesday, June 22, 2011 22:23 To: CentOS mailing list Subject: Re: [CentOS] Year in log files On Thu, Jun 23, 2011 at 10:18 AM, lists-centos replies-lists-b3z2-cen...@listmail.innovate.net wrote: You should set that log to rotate annually. That should address your issue, in addition to keeping logwatch from picking up year-old entries. Yes it's rotated annually. That's why I can argue based on common sense, by comparing the CESA date and the occurance in the log file. But if there is year, I don't have to argue at all with the auditor. Two suggestions, 1) look for 'yum: Updated:' in the messages log, which should be rotated a bit more often (and the auditor was probably fine with the time stamps there), and if syslog is being directed to a log collector the log collector may have different settings. 2) look at `rpm -qa --last` for at least the currently installed versions, it does include the full year stamp. If needed the auditor could link timestamps from the rpm database to the yum log. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Year in log files
Denniston, Todd A CIV NAVSURFWARCENDIV Crane wrote: -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Fajar Priyanto Sent: Wednesday, June 22, 2011 22:23 To: CentOS mailing list Subject: Re: [CentOS] Year in log files On Thu, Jun 23, 2011 at 10:18 AM, lists-centos replies-lists-b3z2-cen...@listmail.innovate.net wrote: You should set that log to rotate annually. That should address your issue, in addition to keeping logwatch from picking up year-old entries. Yes it's rotated annually. That's why I can argue based on common sense, by comparing the CESA date and the occurance in the log file. But if there is year, I don't have to argue at all with the auditor. Two suggestions, 1) look for 'yum: Updated:' in the messages log, which should be rotated a bit more often (and the auditor was probably fine with the time stamps there), and if syslog is being directed to a log collector the log collector may have different settings. 2) look at `rpm -qa --last` for at least the currently installed versions, it does include the full year stamp. If needed the auditor could link timestamps from the rpm database to the yum log. you could also use logrpminstalls (available in rpmforge), which logs in /var/log/rpminstalls every rpm that gets installed with a timestamp that includes the year. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Year in log files
On Thu, Jun 23, 2011 at 10:18 AM, lists-centos replies-lists-b3z2-cen...@listmail.innovate.net wrote: You should set that log to rotate annually. That should address your issue, in addition to keeping logwatch from picking up year-old entries. Yes it's rotated annually. That's why I can argue based on common sense, by comparing the CESA date and the occurance in the log file. But if there is year, I don't have to argue at all with the auditor. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Year in log files
On Wed, Jun 22, 2011 at 11:06 PM, Fajar Priyanto fajar...@arinet.orgwrote: Hi, Can we display year in log files timestamp? We are being audited and the auditor wants to know when we apply certain patches. yum.log shows it, but it doesn't have the year. I can argue based on common sense, but it would be much nicer if the year is there. Example: Apr 12 11:41:25 Updated: krb5-libs-1.6.1-55.el5_6.1.i386 Apr 12 11:41:27 Updated: openssl-0.9.8e-12.el5_5.7.i686 If you're using rsyslog, check this out: http://www.rsyslog.com/doc/property_replacer.html -- Giovanni Tirloni ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos