Re: [logs] Year value in timestamps

From: Marcus J. Ranum (mjrat_private)
Date: Fri Dec 27 2002 - 05:44:34 PST


    abhinav tiwari wrote:
    >In my current company, I viewed the collected logs in /var/messages and /var/log/secure... it shows date, time and month, completely, but not the YEAR...!
    
    Yeah, isn't that amazing? Syslog doesn't record the year. What
    were they smoking?
    
    > Some of the entries are surely of 2001 or maybe 2000, but some are of 2002. I am not able to segregate exactly which year (2002/2001/2000, maybe before... :-)) the log line belongs to! Anyone pls suggest how to force year info inside the timestamps, for the past records or in future log collections, in the unix system.
    
    Well, for your past data, it's already too late, unless you have
    the original files and can use the file's timestamp. Depending
    on how you do your log rotation, the file's creation date might
    be the clue you need. Then you'll need to go back with a script
    and rewrite the dates in the file - log tampering for good instead
    of evil! :) As far as future logs? You're kind of stuck unless
    you replace syslogd - I don't know if any of the current popular
    versions are smart enough to paste in the year-value if one is
    not provided, but they should...
    
    mjr. 
    ---
    Marcus J. Ranum				http://www.ranum.com
    Computer and Communications Security	mjrat_private
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
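
The kind of script the reply above describes, as an added example that is not part of the original message: it walks a year-less syslog file from its newest line back to its oldest, anchoring on the file's timestamp and stepping the year back whenever the calendar would otherwise jump forward. Assumptions: the file's last-modification time stands in for the file timestamp, entries are in roughly chronological order, no two consecutive entries are a year or more apart, and all function names are hypothetical.

```python
import os
import re
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
LINE = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) (.*)$")
SLACK = timedelta(minutes=5)  # tolerate slightly out-of-order entries

def resolve(mon, day, hms, limit):
    """Newest real date for this month/day/time that is not after `limit`."""
    for year in range(limit.year, limit.year - 8, -1):
        try:
            ts = datetime(year, MONTHS[mon], day, *hms)
        except ValueError:      # Feb 29 in a non-leap year
            continue
        if ts <= limit:
            return ts
    raise ValueError("no plausible year found")

def add_years(lines, last_write):
    """Rewrite 'Mon DD HH:MM:SS ...' lines with a full date, oldest first."""
    out, newer = [], last_write
    for line in reversed(lines):        # newest entry first
        m = LINE.match(line)
        if not m or m.group(1) not in MONTHS:
            out.append(line)            # leave unrecognised lines untouched
            continue
        mon, day, *hms, rest = m.groups()
        ts = resolve(mon, int(day), [int(x) for x in hms], newer + SLACK)
        newer = min(newer, ts)          # never let the bound drift forward
        out.append(f"{ts:%Y-%m-%d %H:%M:%S} {rest}")
    return out[::-1]

def add_years_to_file(path):
    """Anchor on the file's last-modification time (assumption, see lead-in)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = fh.read().splitlines()
    return add_years(lines, datetime.fromtimestamp(os.path.getmtime(path)))

# Constructed sample: a file last written on 27 Dec 2002.
SAMPLE = [
    "Nov 30 23:58:01 host sshd[411]: session opened for user root",
    "Dec 31 23:59:58 host su: session closed for user root",
    "Jan  1 00:00:03 host syslogd: restart",
    "Dec 20 08:00:00 host sshd[902]: Failed password for admin",
]
if __name__ == "__main__":
    print("\n".join(add_years(SAMPLE, datetime(2002, 12, 27, 5, 44))))
```

Write the result to a new file and keep the original untouched, since the inferred years are only as good as the anchor timestamp.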
    



    This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 09:55:19 PST