Future timestamps in /var/log/secure
On Fri, 2010-02-26 at 11:29 -0700, Brielle Bruns wrote:
> Aren't the timestamps inserted by syslog rather than the reporting
> program itself?
>
That's my understanding also (clarification: syslogs of your server have
timestamps of your syslog server's time, IMHO).
E.g., on my Debian systems I don't split the logging to /var/log/secure, I
can usually handle a large log OK, but it's easy enough to get the
authpriv* stuff to log to /v/l/secure if needed. So, my point is,
syslogd.conf tells syslogd where to put them, and it stamps the time for
each entry.
> What syslog do you use - classic (ie: sysklogd) or a modern one like
> rsyslog? It almost looks like the timezone got changed from local to
> GMT or similar, then swapped back (as odd as it may sound).
On a cautionary note, I've seen tz-change shenanigans to mask
unauthorised access before, so might be a good time to have a quick poke
around with a tinfoil hat on, just in case. Don't have a heart attack
though, not yet :)
Gord
--
this .sig space reserved by ITU-T pending clarification of intentions
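
A check for the symptom discussed in this thread, as an added example that is not part of the original post: it flags entries stamped later than the collection time and entries that step backward in file order, which is what a clock or timezone change and revert would leave behind. The sample lines, host and user names, the year, and the 5-second slack are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample in traditional syslog format (no year, no zone); not from the thread.
SAMPLE = """\
Feb 26 09:14:02 host1 sshd[2101]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Feb 26 09:15:40 host1 sshd[2101]: pam_unix(sshd:session): session opened for user alice
Feb 26 16:15:58 host1 sshd[2177]: Accepted password for bob from 192.0.2.44 port 41910 ssh2
Feb 26 16:16:30 host1 sudo: bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls
Feb 26 09:17:05 host1 sshd[2101]: pam_unix(sshd:session): session closed for user alice
this line has no timestamp
""".splitlines()


def parse_stamp(line, year):
    """Return the datetime from the first 15 characters, or None if malformed."""
    try:
        # The year is supplied by the caller because classic syslog stamps omit it.
        return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None


def find_anomalies(lines, year, now, slack=timedelta(seconds=5)):
    """Flag stamps later than `now` and stamps that step backward in the file."""
    findings, prev = [], None
    for lineno, line in enumerate(lines, 1):
        ts = parse_stamp(line, year)
        if ts is None:
            findings.append((lineno, "unparsed", None))
            continue
        if ts > now + slack:
            findings.append((lineno, "future", ts - now))
        # Small reordering between writers is normal, hence the slack.
        if prev is not None and ts < prev - slack:
            findings.append((lineno, "backward", prev - ts))
        prev = ts
    return findings


if __name__ == "__main__":
    collection_time = datetime(2010, 2, 26, 11, 29, 0)  # assumed "now" on the log host
    for lineno, kind, delta in find_anomalies(SAMPLE, 2010, collection_time):
        print(f"line {lineno}: {kind} {delta or ''}")
```

A future or backward delta that is a whole number of hours points toward a timezone switch rather than clock drift; a log that spans New Year needs the year handled per segment.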