On Thu, Jun 23, 2011 at 10:18 AM, lists-centos replies-lists-b3z2-centos@listmail.innovate.net wrote:
You should set that log to rotate annually. That should address your issue, in addition to keeping logwatch from picking up year-old entries.
Yes it's rotated annually. That's why I can argue based on common sense, by comparing the CESA date and the occurrence in the log file. But if there is a year, I don't have to argue at all with the auditor.
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Fajar Priyanto
Sent: Wednesday, June 22, 2011 22:23
To: CentOS mailing list
Subject: Re: [CentOS] Year in log files
On Thu, Jun 23, 2011 at 10:18 AM, lists-centos replies-lists-b3z2-centos@listmail.innovate.net wrote:
You should set that log to rotate annually. That should address your issue, in addition to keeping logwatch from picking up year-old entries.
Yes it's rotated annually. That's why I can argue based on common sense, by comparing the CESA date and the occurrence in the log file. But if there is a year, I don't have to argue at all with the auditor.
Two suggestions,
1) look for 'yum: Updated:' in the messages log, which should be rotated a bit more often (and the auditor was probably fine with the time stamps there), and if syslog is being directed to a log collector the log collector may have different settings.
2) look at `rpm -qa --last` for at least the currently installed versions, it does include the full year stamp. If needed the auditor could link timestamps from the rpm database to the yum log.
Denniston, Todd A CIV NAVSURFWARCENDIV Crane wrote:
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Fajar Priyanto
Sent: Wednesday, June 22, 2011 22:23
To: CentOS mailing list
Subject: Re: [CentOS] Year in log files
On Thu, Jun 23, 2011 at 10:18 AM, lists-centos replies-lists-b3z2-centos@listmail.innovate.net wrote:
You should set that log to rotate annually. That should address your issue, in addition to keeping logwatch from picking up year-old entries.
Yes it's rotated annually. That's why I can argue based on common sense, by comparing the CESA date and the occurrence in the log file. But if there is a year, I don't have to argue at all with the auditor.
Two suggestions,
- look for 'yum: Updated:' in the messages log, which should be rotated a bit more often (and the auditor was probably fine with the time stamps there), and if syslog is being directed to a log collector the log collector may have different settings.
- look at `rpm -qa --last` for at least the currently installed versions, it does include the full year stamp. If needed the auditor could link timestamps from the rpm database to the yum log.
you could also use logrpminstalls (available in rpmforge), which logs in /var/log/rpminstalls every rpm that gets installed with a timestamp that includes the year.
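
The linking of rpm database timestamps to the yum log suggested earlier in the thread, as an added example that is not part of the original messages. It assumes yum.log lines of the form `Mon DD HH:MM:SS Action: [epoch:]name-version-release.arch` and install times dumped with `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH} %{INSTALLTIME}\n'`; the function names, the 10-minute tolerance, the UTC timezone and all sample data are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample of /var/log/yum.log (no year in the timestamp).
YUM_LOG = """\
Dec 30 23:10:05 Updated: openssl-0.9.8e-12.el5_5.7.x86_64
Jun 22 09:15:42 Updated: 1:cups-libs-1.3.7-26.el5_6.1.x86_64
Jun 22 09:15:50 Installed: example-tool-1.0-1.el5.noarch
"""

# Constructed sample of the rpm query output: NVRA followed by epoch seconds.
RPM_DB = """\
openssl-0.9.8e-12.el5_5.7.x86_64 1293750605
cups-libs-1.3.7-26.el5_6.1.x86_64 1308734140
"""

# timestamp, action, optional "epoch:" prefix (dropped), then the NVRA
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\w+): (?:\d+:)?(\S+)$")

def load_rpm_times(text):
    """Map NVRA -> install time in epoch seconds."""
    return {nvra: int(epoch) for nvra, epoch in
            (row.rsplit(None, 1) for row in text.splitlines() if row.strip())}

def add_years(yum_log, rpm_times, tz=timezone.utc, tolerance=600):
    """Return (full ISO timestamp or None, action, nvra) per yum.log line.

    The year is taken from the rpm database only when the month, day and
    time in yum.log agree with the recorded install time within `tolerance`
    seconds; otherwise the entry stays unverified (None), e.g. when that
    package version is no longer installed.
    """
    out = []
    for line in yum_log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, action, nvra = m.groups()
        full = None
        if nvra in rpm_times:
            installed = datetime.fromtimestamp(rpm_times[nvra], tz)
            # Neighbouring years cover a transaction that spans New Year.
            for year in (installed.year - 1, installed.year, installed.year + 1):
                try:
                    cand = datetime.strptime(f"{year} {stamp}",
                                             "%Y %b %d %H:%M:%S").replace(tzinfo=tz)
                except ValueError:  # e.g. Feb 29 in a non-leap year
                    continue
                if abs((cand - installed).total_seconds()) <= tolerance:
                    full = cand.isoformat()
        out.append((full, action, nvra))
    return out

if __name__ == "__main__":
    for row in add_years(YUM_LOG, load_rpm_times(RPM_DB)):
        print(row)
```

Pass the system's local timezone as `tz` when running this against real logs, since yum.log is written in local time while `INSTALLTIME` is stored as epoch seconds.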