[Pkg-aide-maintainers] Bug#469507: aide-common: No rule for kern.log
Marc Haber
mh+debian-packages at zugschlus.de
Thu Mar 6 17:43:48 UTC 2008

tags #469507 confirmed
thanks

On Wed, Mar 05, 2008 at 04:52:22PM +0100, Francois Gouget wrote:
> aide issues warnings about /var/log/kern.log* files being added, changed and removed. This is a standard rotated log. I think this should be taken care of in 31_aide_syslog. I would propose the following rules for that:
>
> ---
> /var/log/kern\.log\.0$ LowLogs
> /var/log/kern\.log\.1\.gz$ RotatedLogs+ANF
> /var/log/kern\.log\.[2345]\.gz$ RotatedLogs
> /var/log/kern\.log\.9\.gz$ RotatedLogs+ARF
> /var/log/kern\.log$ Logs
> ---
>
> I'm not 100% sure these rules are correct as I never managed to get to
> the zero-change point in order for ifnochange to kick in.

I have modified the regexp to match kern.log as well.

> I will also note that the rules in 31_aide_syslog are a bit looser.
> They use [0-9]+ to handle all the logs all at once (some keep a history
> of only the last 4 files, others 6), and don't use +ARF on the last log
> either (won't that prevent ifnochange from ever kicking in?). Also these
> differences in how rotated logs are handled make it confusing when
> trying to add rules for new logs (not that things are not confusing to
> start with).

The issue here is that I am not using these rules myself since my
systems log everything into /var/log/syslog/syslog, and I use
logrotate to rotate /var/log/syslog/syslog to
/var/log/syslog/syslog-yyyymmdd. I need to rely on users to submit
working rules, and I really appreciate your help.

A few weeks ago, I published a test environment for aide log rotation
rules. This allows one to test with a turn-around time of a few
seconds only. You can download and try it from
https://ivanova.notwork.de/~mh/stuff/aidetest.tar.gz.

I hope it helps, and I am looking forward to any rules you submit.

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
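
Added example, not part of the original message or of the aide-common package: a small Python check of which rotated kern.log file names the rules quoted above match, and which they leave without any rule. The rotation naming (kern.log, kern.log.0, kern.log.N.gz) is inferred from those rules, and LOOSE is a constructed stand-in for the [0-9]+ style the message mentions, not the contents of 31_aide_syslog.

```python
import re

# Rules exactly as proposed in the quoted message: (path regex, AIDE group).
PROPOSED = [
    (r"/var/log/kern\.log\.0$", "LowLogs"),
    (r"/var/log/kern\.log\.1\.gz$", "RotatedLogs+ANF"),
    (r"/var/log/kern\.log\.[2345]\.gz$", "RotatedLogs"),
    (r"/var/log/kern\.log\.9\.gz$", "RotatedLogs+ARF"),
    (r"/var/log/kern\.log$", "Logs"),
]

# Constructed looser variant using [0-9]+ (assumption, see lead-in).
LOOSE = [
    (r"/var/log/kern\.log$", "Logs"),
    (r"/var/log/kern\.log\.0$", "LowLogs"),
    (r"/var/log/kern\.log\.[0-9]+\.gz$", "RotatedLogs"),
]

BASE = "/var/log/kern.log"


def rotated_names(base, last):
    """Names on disk when generations 0..last are kept (assumed scheme)."""
    names = [base, base + ".0"]
    names += ["%s.%d.gz" % (base, n) for n in range(1, last + 1)]
    return names


def matching_groups(rules, path):
    # re.match anchors at the start of the path, which is also how AIDE
    # treats a selection line; the rules carry their own trailing $.
    return [group for rx, group in rules if re.match(rx, path)]


def uncovered(rules, paths):
    """Paths that no rule matches; AIDE falls back to broader rules for them."""
    return [p for p in paths if not matching_groups(rules, p)]


if __name__ == "__main__":
    for label, rules in (("proposed", PROPOSED), ("loose", LOOSE)):
        for last in (3, 5, 9):  # constructed rotation depths
            gaps = uncovered(rules, rotated_names(BASE, last))
            print("%-8s last=%d uncovered=%s" % (label, last, gaps))
```

With generations up to 9 kept, the proposed rules leave kern.log.6.gz through kern.log.8.gz unmatched, which is the kind of gap the [0-9]+ form avoids.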