Future timestamps in /var/log/secure

Larry Sheldon LarrySheldon at cox.net
Fri Feb 26 18:37:51 UTC 2010

On 2/26/2010 12:29 PM, Brielle Bruns wrote:
> On 2/26/10 11:20 AM, Wade Peacock wrote:
>> I found a while ago in /var/log/secure that for an invalid ssh login
>> attempt the ssh Bye Bye line is in the future. I have searched the web
>> and can not find a reason for the future time in the log.
>> Here is a sample. Repeated lines are shown once in first part
>> Feb 26 17:50:38 mx sshd[19115]: Received disconnect from
>> 11: Bye Bye
>> Feb 26 17:50:38 mx sshd[19118]: Received disconnect from
>> 11: Bye Bye
>> Feb 26 09:52:39 mx proftpd[17297]: mx.example.com
>> (208.xxx.xxx.xxx[208.xxx.xxx.xxx]) - FTP no transfer timeout, disconnected
>> Can anyone explain the future time stamp on the Bye Bye lines?
>> OS is Centos 5.4, FYI
> Isn't the timestamps inserted by syslog rather then the reporting 
> program itself?
> What syslog do you use - classic (ie: sysklogd) or a modern one like 
> rsyslog?  It almost looks like the timezone got changed from local to 
> GMT or similar, then swapped back (as odd as it may sound).
> Perhaps time to file a bug report with the author of the syslog daemon 
> you use?

Been a long time since I've dealt with this stuff, but it looks like the
shell for proftpd has a different TZ from the one running the other
stuff.  (syslogd runs in the shell of the caller, right?)

"Government big enough to supply everything you need is big enough to
take everything you have."

Remember:  The Ark was built by amateurs, the Titanic by professionals.

Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

ICBM Targeting Information:  http://tinyurl.com/4sqczs

More information about the NANOG mailing list