[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Future timestamps in /var/log/secure
- Subject: Future timestamps in /var/log/secure
- From: sethm at rollernet.us (Seth Mattinen)
- Date: Fri, 26 Feb 2010 11:52:22 -0800
- In-reply-to: <1267213601.3736.1.camel@petrie>
- References: <[email protected]> <[email protected]> <1267211840.4093.4.camel@petrie> <1267212636.26166.54.camel@ub-g-d2> <1267213601.3736.1.camel@petrie>
On 2/26/2010 11:46, William Pitcock wrote:
> On Fri, 2010-02-26 at 19:30 +0000, gordon b slater wrote:
>> On Fri, 2010-02-26 at 13:17 -0600, William Pitcock wrote:
>>> The syslog message sent to the local unix socket (/dev/log
>>> or /dev/syslog) may contain a timestamp, in which case, that timestamp
>>> may be used instead of the local time. As the syslog protocol defines
>>> that timestamps are localtime, without any specification of what
>>> timezone localtime actually is, the TZ environment variable of the
>>> application calling syslog() will affect the timestamp placed in the
>>> log.
>>
>> aha! there you go, mine doesn't but maybe yours does?
>
> The specification for the syslog protocol is that timestamps embedded in
> the message should be used instead of syslogd's time. Most syslog
> daemons as a result apply this concept to both local and remote
> messages.
>
> You have to keep in mind that syslogd can also send/receive messages
> to/from remote destinations.
>
It's easier to see these timezone issues when using an ISO timestamp
like "2010-02-26T06:26:17-08:00" instead of the old style that omits the
timezone.
~Seth