abhinav tiwari wrote: >In my current company ,i viewed the collected logs in /var/messages and /var/log/secure...it shows date, time and month , completely , but not the YEAR ...! Yeah, isn't that amazing? Syslog doesn't record the year. What were they smoking? > Some of the enteries are surely of 2001 or may be 2000 ..but some are of 2002 . I am not able to segrregate exactly whic year(2002/2001/2000 may be before..:-)) the log line belongs to ! Anyone pls suggest how to force year info inside the timestamps...for the past records or in future log collections , in the unix system. Well, for your past data, it's already too late, unless you have the original files and can use the file's timestamp. Depending on how you do your log rotation, the file's creation date might be the clue you need. Then you'll need to go back with a script and rewrite the dates in the file - log tampering for good instead of evil! :) As far as future logs? You're kind of stuck unless you replace syslogd - I don't know if any of the current popular versions are smart enough to paste in the year-value if one is not provided, but they should... mjr. --- Marcus J. Ranum http://www.ranum.com Computer and Communications Security mjrat_private _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 09:55:19 PST