[CentOS] Year in log files

Thu Jun 23 12:26:50 UTC 2011
Denniston, Todd A CIV NAVSURFWARCENDIV Crane <todd.denniston at navy.mil>

> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Fajar Priyanto
> Sent: Wednesday, June 22, 2011 22:23
> To: CentOS mailing list
> Subject: Re: [CentOS] Year in log files
> 
> On Thu, Jun 23, 2011 at 10:18 AM, lists-centos
> <replies-lists-b3z2-centos at listmail.innovate.net> wrote:
> > You should set that log to rotate annually. That should address your
> > issue, in addition to keeping logwatch from picking up year-old
> > entries.
> 
> Yes it's rotated annually.
> That's why I can argue based on common sense, by comparing the CESA
> date and the occurrence in the log file.
> But if there is a year, I don't have to argue at all with the auditor.

Two suggestions,
1) look for 'yum: Updated:' in the messages log, which should be rotated
a bit more often (and the auditor was probably fine with the time stamps
there), and if syslog is being directed to a log collector the log
collector may have different settings.

2) look at `rpm -qa --last` for at least the currently installed
versions, it does include the full year stamp.
   If needed the auditor could link timestamps from the rpm database to
the yum log.
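
Added example, not part of the original message: one way to do the linking from suggestion 2, attaching the year from `rpm -qa --last` to year-less `Updated:` log lines. The sample data, the function names, the English-locale date layout, and the optional epoch prefix and arch suffix on logged package names are assumptions.

```python
import re

# Constructed sample of `rpm -qa --last` output (assumed English locale).
RPM_LAST = """\
openssl-0.9.8e-12.el5_5.7                     Wed 22 Jun 2011 02:03:09 PM UTC
bind-libs-9.3.6-16.P1.el5                     Tue 14 Dec 2010 09:41:27 AM UTC
"""

# Constructed log lines: syslog-style ("host yum: Updated:") and yum.log-style.
LOG = """\
Jun 22 14:03:09 host1 yum: Updated: openssl-0.9.8e-12.el5_5.7.i386
Dec 14 09:41:27 Updated: 30:bind-libs-9.3.6-16.P1.el5.i386
Mar  3 08:00:00 host1 yum: Updated: zlib-1.2.3-3.i386
"""

RPM_RE = re.compile(r"^(\S+)\s+\w{3} (\d{1,2}) (\w{3}) (\d{4}) ")
LOG_RE = re.compile(
    r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) (?:\S+ yum(?:\[\d+\])?: )?"
    r"(Installed|Updated): (?:\d+:)?(\S+)$"
)

def rpm_install_dates(text):
    """Map package name-version-release -> (year, month, day) of install."""
    dates = {}
    for line in text.splitlines():
        m = RPM_RE.match(line)
        if m:
            pkg, day, mon, year = m.groups()
            dates[pkg] = (int(year), mon, int(day))
    return dates

def add_years(log_text, dates):
    """Return (year, stamp, action, package); year is None when unproven."""
    out = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        mon, day, clock, action, pkg = m.groups()
        # rpm may print the package with or without the arch suffix: try both.
        hit = dates.get(pkg) or dates.get(pkg.rsplit(".", 1)[0])
        # Accept the year only if month and day agree with the rpm database.
        year = hit[0] if hit and (hit[1], hit[2]) == (mon, int(day)) else None
        out.append((year, f"{mon} {int(day):2d} {clock}", action, pkg))
    return out

if __name__ == "__main__":
    for row in add_years(LOG, rpm_install_dates(RPM_LAST)):
        print(row)
```

A `None` year means the package version is no longer installed or the dates disagree (for example, the log collector and the host use different time zones), so that entry still needs another source.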