Rainer Gerhards writes:
> > -sign says, the reboot session ID must not be automatically reset to 0 if
> think about a tool like logger. As of my understanding, each
> command-line invocation would create a new "reboot session".

Rainer,

I think your example isn't typical. On most systems, there is one "global" sender (syslogd on unix), which runs very long. Usually as long as the system is up. It has the counter. This sender gets its data from several sources (applications using the "syslog()" call in libC; again a unix example). So "booting" an application --read: your command line tool-- has no effect on the reboot counter. See below for details of your example...

But first, on "the central syslogd": the RFC doesn't demand it, but assumes there is only 1 sender on each system. E.g. the "private key" is shared by all signatures, so by all "sources". Hard to do when all applications are senders themselves.

Back to your example. Even when quickly "rebooting" (read: increasing the reboot session counter fast), this should not be a problem. Nine 9's is very big!

My code uses the current time, during initialisation, in seconds after 2002 (syslog-sign didn't exist before) and divides by 2. This will result in a reboot session that will wrap in the year 2600 (or about), and which can be started every 2 seconds.

You can find my code on SF.net, or see below for a C-code fragment:
--------
#include <stddef.h>
#include <sys/time.h>

int rebootSessionID = 0;  /* global; 0 means "not initialised yet" */

int reboot_session_id(void)
{
    struct timeval now;

    if (rebootSessionID == 0) {  /* compute once, at initialisation */
        if (gettimeofday(&now, NULL) != 0)
            rebootSessionID = 1;  // it has to have a value
        else  /* seconds after 2002 (leap days ignored), divided by 2 */
            rebootSessionID = (int)((now.tv_sec - (2002L - 1970) * 365 * 24 * 3600) / 2);
    }
    return rebootSessionID;
}
------
For a standalone command-line tool, you probably need a bit more resolution. E.g. skip the "divide by 2". Most important is that the value is unique for that session, for that invocation of that command-line tool. If that means it will wrap in "only a few years", let it be.

It's not typical to have short reboot sessions. It means verifying the log is hard to do anyhow!! Then it is easy (for a hacker) to delete all logs of a reboot session. That can't be verified.

Good luck.

PS. The code on SF has a bug: it multiplies by 2, instead of dividing. Dividing is correct. I will change it on SF soon.

--
ALbert Mietus
Send private mail to: [EMAIL PROTECTED]
Send business mail to: [EMAIL PROTECTED]
Don't send spam mail!
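
Added example, not code from the mail above or from the SF.net project: a time-derived session ID with a selectable divisor, next to a collector-side check, to show the 2-second collision window and why a deleted session goes unnoticed. The names rsid_from_time, first_bad_rsid, EPOCH_2002 and RSID_MAX, and the rule that a collector expects IDs to only grow, are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define RSID_MAX   999999999L   /* "nine 9's", the limit quoted in the mail */
#define EPOCH_2002 1009843200L  /* 2002-01-01T00:00:00Z as Unix time */

/* Time-derived session ID as the mail describes it: seconds after 2002,
 * divided by `divisor` (2 for a long-running syslogd, 1 for a short-lived
 * command-line tool). Falls back to 1 when no usable time is available. */
long rsid_from_time(long unix_now, long divisor)
{
    if (divisor < 1 || unix_now <= EPOCH_2002)
        return 1;
    long id = (unix_now - EPOCH_2002) / divisor;
    return id < 1 ? 1 : id;
}

/* Collector-side check (assumed rule: IDs only grow). `ids` holds one entry
 * per session seen from a single sender, in arrival order. Returns the index
 * of the first ID that is out of range or not greater than its predecessor,
 * or -1 when nothing is wrong with the sequence. */
int first_bad_rsid(const long *ids, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (ids[i] < 0 || ids[i] > RSID_MAX)
            return (int)i;
        if (i > 0 && ids[i] <= ids[i - 1])
            return (int)i;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: two tool invocations one second apart. */
    long t = EPOCH_2002 + 1000;
    printf("divisor 2: %ld %ld\n", rsid_from_time(t, 2), rsid_from_time(t + 1, 2));
    printf("divisor 1: %ld %ld\n", rsid_from_time(t, 1), rsid_from_time(t + 1, 1));

    /* Constructed sample: three sessions, then the same log with the middle
     * session removed, then a log where the ID fell back to 0. */
    long full[] = {500, 730, 9000}, cut[] = {500, 9000}, reset[] = {500, 0};
    printf("full=%d cut=%d reset=%d\n", first_bad_rsid(full, 3),
           first_bad_rsid(cut, 2), first_bad_rsid(reset, 2));
    return 0;
}
```

The `cut` sequence passes the check exactly like `full`: with time-derived IDs, consecutive sessions are never contiguous, so a removed session leaves no gap for the collector to notice.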