[123025] in North American Network Operators' Group


RE: Future timestamps in /var/log/secure

daemon@ATHENA.MIT.EDU (Joe)
Fri Feb 26 13:48:01 2010

From: "Joe" <jbfixurpc@gmail.com>
To: "'Brielle Bruns'" <bruns@2mbit.com>,
	<nanog@nanog.org>
Date: Fri, 26 Feb 2010 13:46:19 -0500
In-Reply-To: <4B8812EE.2020003@2mbit.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



I happened upon this ( https://bugzilla.redhat.com/show_bug.cgi?id=193184 )
which seems to suggest/explain the occurrence. I know it was mentioned to be
in the CentOS distro, but I think this might have been adopted into that
distro as well since I see the same issues on a RedHat Distro. Not sure if
the article helps or hinders but good food for thought.

-Joe Blanchard

-----Original Message-----
From: Brielle Bruns [mailto:bruns@2mbit.com]
Sent: Friday, February 26, 2010 1:29 PM
To: nanog@nanog.org
Subject: Re: Future timestamps in /var/log/secure


On 2/26/10 11:20 AM, Wade Peacock wrote:
> I found a while ago in /var/log/secure that for an invalid ssh login
> attempt the ssh Bye Bye line is in the future. I have searched the web
> and can not find a reason for the future time in the log.
>
> Here is a sample. Repeated lines are shown once in first part
>
>
> Feb 26 17:50:38 mx sshd[19115]: Received disconnect from
> 210.212.145.152: 11: Bye Bye
> Feb 26 17:50:38 mx sshd[19118]: Received disconnect from
> 210.212.145.152: 11: Bye Bye
> Feb 26 09:52:39 mx proftpd[17297]: mx.example.com
> (208.xxx.xxx.xxx[208.xxx.xxx.xxx]) - FTP no transfer timeout,
> disconnected
>
> Can anyone explain the future time stamp on the Bye Bye lines?
>
> OS is Centos 5.4, FYI
>



Aren't the timestamps inserted by syslog rather than the reporting
program itself?

What syslog do you use - classic (ie: sysklogd) or a modern one like
rsyslog?  It almost looks like the timezone got changed from local to
GMT or similar, then swapped back (as odd as it may sound).

Perhaps time to file a bug report with the author of the syslog daemon
you use?


-- 
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org    /     http://www.ahbl.org
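
The out-of-order stamps described in the thread, and the local/GMT swap suggested as a cause, can be checked mechanically. The following is an added example, not part of the original messages: it flags entries stamped later than an entry written after them and tests whether the skew is close to a whole number of hours. The function names, the year 2010 (taken from the message date, since classic syslog lines carry none), the tolerances and the first sample line are assumptions.

```python
import re
from datetime import datetime, timedelta

# Classic syslog prefix: "Mon DD HH:MM:SS host program[pid]:" (no year, no zone).
PREFIX = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) \S+ ([^:\[\s]+)(?:\[\d+\])?:")

# Lines 2-4 are the entries quoted in the thread with mail wrapping undone;
# line 1 is constructed to give the file an earlier, correctly stamped entry.
SAMPLE = """\
Feb 26 09:50:36 mx sshd[19110]: Connection from 210.212.145.152 port 40000
Feb 26 17:50:38 mx sshd[19115]: Received disconnect from 210.212.145.152: 11: Bye Bye
Feb 26 17:50:38 mx sshd[19118]: Received disconnect from 210.212.145.152: 11: Bye Bye
Feb 26 09:52:39 mx proftpd[17297]: mx.example.com (208.xxx.xxx.xxx[208.xxx.xxx.xxx]) - FTP no transfer timeout, disconnected
"""

def parse(line, year):
    """Return (timestamp, program) or None; the year is supplied by the caller."""
    m = PREFIX.match(line)
    if not m:
        return None
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def future_lines(text, year=2010, slack=timedelta(seconds=60),
                 tz_tolerance=timedelta(minutes=5)):
    """Flag entries stamped later than an entry written after them in the file."""
    rows = []
    for number, line in enumerate(text.splitlines(), 1):
        parsed = parse(line, year)
        if parsed:
            rows.append((number, *parsed))
    findings, earliest_later = [], None
    for number, ts, program in reversed(rows):   # walk from the end of the file
        if earliest_later is not None and ts - earliest_later > slack:
            skew = ts - earliest_later
            hours = round(skew.total_seconds() / 3600)
            residual = abs(skew - timedelta(hours=hours))
            findings.append({"line": number, "program": program, "skew": skew,
                             "hours": hours,
                             "tz_like": hours != 0 and residual <= tz_tolerance})
        earliest_later = ts if earliest_later is None else min(earliest_later, ts)
    return findings[::-1]                          # back to file order

if __name__ == "__main__":
    for f in future_lines(SAMPLE):
        print(f"line {f['line']}: {f['program']} is {f['skew']} ahead "
              f"(~{f['hours']}h, timezone-like: {f['tz_like']})")
```

A skew near a whole number of hours that affects only one program points at a timezone difference between that process and the rest of the system rather than at clock drift. A file that spans a year boundary needs the year handled per entry, which this example does not do.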


