On Fri, Apr 03, 2009, Brett Serkez wrote:
I've been noticing yum updates on several servers I manage over the last few weeks, which I know I didn't perform and could not explain until this morning. At first I suspect a break-in, but found no other evidence or reason an intruder would run the yum updates I was viewing.
Yum updates are logged in /var/log/yum.log, which is what Logwatch scans. Seems that the format of the log entries is: "MMM DD", the year is missing! This morning looking at this log sequentially I noticed I did do yum updates on Apr 02 and Apr 03 as reported in last night's logwatch, but not April of 2009, but rather April of 2008!
Has anyone else noticed this behavior and/or know if there is a fix in progress for it?
I would be surprised at any syslog entries that did have a year in the date. Any log processing routines that sort on date have to deal with this, particularly on year-end logs where one may have entries for December followed by those from January.
This seems to be the case for syslog entries going back at least to Caldera eDesktop 2.4 (the oldest Linux system we support running today that I can check). I just checked a SCO OpenServer 5.0.6a box, and its log entries are missing the year as is a new OpenSolaris system I built within the last week.
Bill