[CentOS] Bug in yum Logwatch reporting

Fri Apr 3 17:01:45 UTC 2009
Bill Campbell <centos at celestial.com>

On Fri, Apr 03, 2009, Brett Serkez wrote:
>I've been noticing yum updates on several servers I manage over the
>last few weeks, which I know I didn't perform and could not explain
>until this morning.  At first I suspect a break-in, but found no other
>evidence or reason an intruder would run the yum updates I was
>viewing.
>
>Yum updates are logged in /var/log/yum.log, which is what Logwatch
>scans.  Seems that the format of the log entries is: "MMM DD", the
>year is missing!   This morning looking at this log sequentially I
>noticed I did do yum updates on Apr 02 and Apr 03 as reported in last
>night's logwatch, but not April of 2009, but rather April of 2008!
>
>Has anyone else noticed this behavior and/or know if there is a fix in
>progress for it?

I would be surprised at any syslog entries that did have a year in the
date.  Any log processing routines that sort on date have to deal with
this, particularly on year-end logs where one may have entries for December
followed by those from January.

This seems to be the case for syslog entries going back at least to Caldera
eDesktop 2.4 (the oldest Linux system we support running today that I can
check).  I just checked a SCO OpenServer 5.0.6a box, and its log entries
are missing the year as is a new OpenSolaris system I built within the last
week.

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186

Once at a social gathering, Gladstone said to Disraeli, I predict,
Sir, that you will die either by hanging or of some vile disease.
Disraeli replied, "That all depends upon whether I embrace your
principles or your mistress".