[Aide] Allow ARF as opposite to ANF?
Marc Haber
mh+aide at zugschlus.de
Wed Nov 16 17:43:40 EET 2005
On Wed, Nov 16, 2005 at 05:26:26PM +0200, Virolainen Pablo wrote:
> On Tue, 15 Nov 2005, Richard van den Berg wrote:
> > Virolainen Pablo wrote:
> >> Ok. Lets try again.
> >
> > Much better. :-) I applied this patch to CVS and todays daily snapshot.
>
> Has anyone tested ARF?
Not yet. I can only do one test round per day, and currently aide is
broken since it doesn't report any additions and removals any more
even if ANF/ARF is not used.
> We propably should ignore ARF and ANF flags if both of them are enabled at
> the same time, because it means that the file can be added or removed
> -> only changes are reported. Or do we need this kind of feature?
I think that should be like "you asked for it", so the default
behavior is fine IMOI.
> It might be good idea to add hash calculation to uncompressed so that we
> could use those sums to verify that syslog.1 is moved to syslog.2.gz. I
> wonder what kind of syntax is needed for that.
I would probably go for something like
Logs = n+p+u+g+S
LowLogs = n+p+u+g
RotatedLogs = I+n+p+i+u+g+s+b+m+md5+sha1+rmd160+haval+gost+crc32+tiger
/var/log/syslog/syslog$ Logs
/var/log/syslog/syslog\.1$ LowLogs
/var/log/syslog/syslog\.2\.gz$ RotatedLogs+ANF
/var/log/syslog/syslog\.[34567]\.gz$ RotatedLogs
/var/log/syslog/syslog\.7.gz$ RotatedLogs+ARF
for a log that is rotated like .=>.1, .1=>.2.gz, .3.gz=>.4.gz,
.7.gz=>remove
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
More information about the Aide
mailing list