[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Future timestamps in /var/log/secure
- Subject: Future timestamps in /var/log/secure
- From: jbfixurpc at gmail.com (Joe)
- Date: Fri, 26 Feb 2010 13:46:19 -0500
- In-reply-to: <[email protected]>
I happend upon this ( https://bugzilla.redhat.com/show_bug.cgi?id=193184 )
which seems to suggest/explain the occurrence. I know it was mentioned to be
in the CentOS distro, but I think this might have been adopted into that
distro as well since I see the same issues on a RedHat Distro. Not sure if
the article helps or hinders but good food for thought.
-Joe Blanchard
-----Original Message-----
From: Brielle Bruns [mailto:bruns at 2mbit.com]
Sent: Friday, February 26, 2010 1:29 PM
To: nanog at nanog.org
Subject: Re: Future timestamps in /var/log/secure
On 2/26/10 11:20 AM, Wade Peacock wrote:
> I found a while ago in /var/log/secure that for an invalid ssh login
> attempt the ssh Bye Bye line is in the future. I have searched the web
> and can not find a reason for the future time in the log.
>
> Here is a sample. Repeated lines are shown once in first part
>
>
> Feb 26 17:50:38 mx sshd[19115]: Received disconnect from
> 210.212.145.152: 11: Bye Bye
> Feb 26 17:50:38 mx sshd[19118]: Received disconnect from
> 210.212.145.152: 11: Bye Bye
> Feb 26 09:52:39 mx proftpd[17297]: mx.example.com
> (208.xxx.xxx.xxx[208.xxx.xxx.xxx]) - FTP no transfer timeout,
> disconnected
>
> Can anyone explain the future time stamp on the Bye Bye lines?
>
> OS is Centos 5.4, FYI
>
Isn't the timestamps inserted by syslog rather then the reporting
program itself?
What syslog do you use - classic (ie: sysklogd) or a modern one like
rsyslog? It almost looks like the timezone got changed from local to
GMT or similar, then swapped back (as odd as it may sound).
Perhaps time to file a bug report with the author of the syslog daemon
you use?
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org