Future timestamps in /var/log/secure

Seth Mattinen sethm at rollernet.us
Fri Feb 26 13:52:22 CST 2010


On 2/26/2010 11:46, William Pitcock wrote:
> On Fri, 2010-02-26 at 19:30 +0000, gordon b slater wrote:
>> On Fri, 2010-02-26 at 13:17 -0600, William Pitcock wrote:
>>> The syslog message sent to the local unix socket (/dev/log
>>> or /dev/syslog) may contain a timestamp, in which case, that timestamp
>>> may be used instead of the local time.  As the syslog protocol defines
>>> that timestamps are localtime, without any specification of what
>>> timezone localtime actually is, the TZ environment variable of the
>>> application calling syslog() will affect the timestamp placed in the
>>> log.
>>
>> aha! there you go, mine doesn't but maybe yours does?
> 
> The specification for the syslog protocol is that timestamps embedded in
> the message should be used instead of syslogd's time.  Most syslog
> daemons as a result apply this concept to both local and remote
> messages.
> 
> You have to keep in mind that syslogd can also send/receive messages
> to/from remote destinations.
> 

It's easier to see these timezone issues when using an ISO timestamp
like "2010-02-26T06:26:17-08:00" instead of the old style that omits the
timezone.

~Seth




More information about the NANOG mailing list