Future timestamps in /var/log/secure

William Pitcock nenolod at systeminplace.net
Fri Feb 26 19:46:41 UTC 2010


On Fri, 2010-02-26 at 19:30 +0000, gordon b slater wrote:
> On Fri, 2010-02-26 at 13:17 -0600, William Pitcock wrote:
> > The syslog message sent to the local unix socket (/dev/log
> > or /dev/syslog) may contain a timestamp, in which case, that timestamp
> > may be used instead of the local time.  As the syslog protocol defines
> > that timestamps are localtime, without any specification of what
> > timezone localtime actually is, the TZ environment variable of the
> > application calling syslog() will affect the timestamp placed in the
> > log.
> 
> aha! there you go, mine doesn't but maybe yours does?

The specification for the syslog protocol is that timestamps embedded in
the message should be used instead of syslogd's time.  Most syslog
daemons as a result apply this concept to both local and remote
messages.

You have to keep in mind that syslogd can also send/receive messages
to/from remote destinations.

William





More information about the NANOG mailing list