[CentOS] Year in log files
Nicolas Thierry-Mieg
Nicolas.Thierry-Mieg at imag.fr
Thu Jun 23 12:36:38 UTC 2011
Denniston, Todd A CIV NAVSURFWARCENDIV Crane wrote:
>> -----Original Message-----
>> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
>> Behalf Of Fajar Priyanto
>> Sent: Wednesday, June 22, 2011 22:23
>> To: CentOS mailing list
>> Subject: Re: [CentOS] Year in log files
>>
>> On Thu, Jun 23, 2011 at 10:18 AM, lists-centos
>> <replies-lists-b3z2-centos at listmail.innovate.net> wrote:
>>> You should set that log to rotate annually. That should address your
>>> issue, in addition to keeping logwatch from picking up year-old
>>> entries.
>>
>> Yes it's rotated annually.
>> That's why I can argue based on common sense, by comparing the CESA
>> date and the occurance in the log file.
>> But if there is year, I don't have to argue at all with the auditor.
>
> Two suggestions,
> 1) look for 'yum: Updated:' in the messages log, which should be rotated
> a bit more often (and the auditor was probably fine with the time stamps
> there), and if syslog is being directed to a log collector the log
> collector may have different settings.
>
> 2) look at `rpm -qa --last` for at least the currently installed
> versions, it does include the full year stamp.
> If needed the auditor could link timestamps from the rpm database to
> the yum log.
you could also use logrpminstalls (available in rpmforge), which logs in
/var/log/rpminstalls every rpm that gets installed with a timestamp that
includes the year.
More information about the CentOS
mailing list