Future timestamps in /var/log/secure

• Previous message (by thread): Future timestamps in /var/log/secure
• Next message (by thread): Future timestamps in /var/log/secure
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2010-02-26 at 10:55 -0800, Wade Peacock wrote:
> the proftpd line happened to be the next line in the log.  the
> next simular ssh lines looks like (duplicate removed)
> 
> Feb 26 10:08:48 mx sshd[22165]: Did not receive identification string from UNKNOWN
> Feb 26 10:09:27 mx sshd[22261]: Failed password for root from 219.137.192.231 port 54111 ssh2

is it possible that a local user changed the time (maybe with a GUI app)
around the time of these attempts?

(failed attempts like this are normal for a machine hooked to the
internet without ACLs BTW, the problem is the strange timestamp <<for
the benefit of casual onlookers in the thread)

Gord

-- 
latest ITU-T declaration: all syslogs must show timestamps in Geneva
time

• Previous message (by thread): Future timestamps in /var/log/secure
• Next message (by thread): Future timestamps in /var/log/secure
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]