[Aide] I (ignore changed filename) woes

Virolainen Pablo pablo at cs.tut.fi
Fri Oct 28 15:42:16 EEST 2005 

On Fri, 28 Oct 2005, Marc Haber wrote:

> Hi,
>
> on my test host, I am running the CVS snapshot from October 26. I have
> a rule
>
> RotatedLogs = I+n+p+i+u+g+s+b+m+c+md5+sha1+rmd160+haval+gost+crc32+tiger
>
> and one
>
> /var/log/syslog/syslog\.[0-9][0-9]\.gz$ RotatedLogs
>
> However, when my syslog is rotated, and /var/log/syslog/syslog.10.gz
> moves to /var/log/syslog/syslog.11.gz, this change is shown in the
> aide output.
>
> File: /var/log/syslog/syslog.10.gz
>  Size     : 863916                            , 1031126
>  Bcount   : 1696                              , 2024
>  Mtime    : 2005-10-11 07:45:01               , 2005-10-13 07:44:59
>  Ctime    : 2005-10-27 07:44:15               , 2005-10-28 07:44:24
>  Inode    : 180562                            , 180563
>  MD5      : ZT6Jon9RC19clQ3LueW+fQ==          , VLsNC6qHGe/qRNGde8U77g==
>  SHA1     : /D31JbLs8uwzXz8dMHqd8sGE2rw=      , kojzzybYEiujhUnVKUBUCwurWDA=
>  RMD160   : FmadTUIjKhGGZvdrfD1R06SA5Wc=      , CkCt3FS8bELVUipGR0vde01Lv68=
>  TIGER    : YgHZwaLkEKveImqDc+6EO6QscFtUXbuV  , 7hbMrciBkv6tx/wa7rSJLAxPRCTAeukj
>  CRC32    : yYMP6g==                          , 4qx5fQ==
>  HAVAL    : My8zazLZiPHW13j6APssi5ei5LVpGnOhLI/kQqc, i06jS90awcgkXL3W2Wr+ZYZRk80gvBeLc4zl3YF
>  GOST     : KDCJM2X0BY+jgy7IJG2UJ+39qR7m88epQaC0hsR, P9uCPajBGuED6KEkEs+N0ASDJKTEMdb3uT4tX/r
>
> File: /var/log/syslog/syslog.11.gz
>  Size     : 1024800                           , 863916
>  Bcount   : 2016                              , 1696
>  Mtime    : 2005-10-09 07:51:32               , 2005-10-11 07:45:01
>  Ctime    : 2005-10-27 07:44:15               , 2005-10-28 07:44:24
>  Inode    : 180561                            , 180562
>  MD5      : 0oXQIvu+T3X/5AvQ65Mtrg==          , ZT6Jon9RC19clQ3LueW+fQ==
>  SHA1     : H7qdZT5/xEyqgZxOLLRM4oQB998=      , /D31JbLs8uwzXz8dMHqd8sGE2rw=
>  RMD160   : bIhGs2R3jUpatgcKKacx2BJtODs=      , FmadTUIjKhGGZvdrfD1R06SA5Wc=
>  TIGER    : pJuy68VCApxOoLNri09X1tAZKfzY7zkF  , YgHZwaLkEKveImqDc+6EO6QscFtUXbuV
>  CRC32    : RFE2QQ==                          , yYMP6g==
>  HAVAL    : I9936r4JkKLw09av5U1BCxCri4awg2Eu+YVq6oq, My8zazLZiPHW13j6APssi5ei5LVpGnOhLI/kQqc
>  GOST     : CarCEIUtsEVC2DlCSwwBkA2kJ+Dqkd32jBq6B47, KDCJM2X0BY+jgy7IJG2UJ+39qR7m88epQaC0hsR
>
> Any idea what I might be doing wrong? Is there any elegant way to
> debug this?
>
> Maybe it'll help if somebody familiar with the aide code could explain
> - in prose - how the new I setting works internally.

I cannot remember that there is this kind of feature in AIDE. It would be 
nice to have.

Duke NEMO / C.O.M.A
alias pablo the pallo virolainen

More information about the Aide mailing list