-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Fajar Priyanto Sent: Wednesday, June 22, 2011 22:23 To: CentOS mailing list Subject: Re: [CentOS] Year in log files
On Thu, Jun 23, 2011 at 10:18 AM, lists-centos replies-lists-b3z2-centos@listmail.innovate.net wrote:
You should set that log to rotate annually. That should address your issue, in addition to keeping logwatch from picking up year-old entries.
Yes it's rotated annually. That's why I can argue based on common sense, by comparing the CESA date and the occurance in the log file. But if there is year, I don't have to argue at all with the auditor.
Two suggestions, 1) look for 'yum: Updated:' in the messages log, which should be rotated a bit more often (and the auditor was probably fine with the time stamps there), and if syslog is being directed to a log collector the log collector may have different settings.
2) look at `rpm -qa --last` for at least the currently installed versions, it does include the full year stamp. If needed the auditor could link timestamps from the rpm database to the yum log.