[123037] in North American Network Operators' Group


Re: Future timestamps in /var/log/secure

daemon@ATHENA.MIT.EDU (William Pitcock)
Fri Feb 26 14:47:26 2010

From: William Pitcock <nenolod@systeminplace.net>
To: gordslater@ieee.org
In-Reply-To: <1267212636.26166.54.camel@ub-g-d2>
Date: Fri, 26 Feb 2010 13:46:41 -0600
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Fri, 2010-02-26 at 19:30 +0000, gordon b slater wrote:
> On Fri, 2010-02-26 at 13:17 -0600, William Pitcock wrote:
> > The syslog message sent to the local unix socket (/dev/log
> > or /dev/syslog) may contain a timestamp, in which case, that timestamp
> > may be used instead of the local time.  As the syslog protocol defines
> > that timestamps are localtime, without any specification of what
> > timezone localtime actually is, the TZ environment variable of the
> > application calling syslog() will affect the timestamp placed in the
> > log.
> 
> aha! there you go, mine doesn't but maybe yours does?

The specification for the syslog protocol is that timestamps embedded in
the message should be used instead of syslogd's time.  Most syslog
daemons as a result apply this concept to both local and remote
messages.

You have to keep in mind that syslogd can also send/receive messages
to/from remote destinations.

William
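
An added example, not part of the original message: a Python check for the symptom in the subject line, flagging log lines whose embedded stamp is ahead of a line the daemon wrote after them, with the offset rounded to 15 minutes as a hint at a timezone mismatch in the sending application. Assumptions: the traditional "Mmm dd hh:mm:ss host program" prefix, a file covering one calendar year supplied by the caller, and constructed sample lines (host gw1 and the addresses are made up); the function names are this example's own.

```python
import re
from datetime import datetime, timedelta

# Traditional syslog prefix: "Mmm dd hh:mm:ss host program". No year, no timezone.
PREFIX = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\S+) ([^\s:\[]+)")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

def parse_prefix(line, year):
    """Return (naive datetime, program), or None if the line has no valid prefix."""
    m = PREFIX.match(line)
    if not m or m.group(1) not in MONTHS:
        return None
    day, hh, mm, ss = (int(x) for x in m.group(2, 3, 4, 5))
    try:
        return datetime(year, MONTHS[m.group(1)], day, hh, mm, ss), m.group(7)
    except ValueError:  # impossible date such as "Feb 30"
        return None

def future_entries(lines, year, tolerance=timedelta(minutes=5)):
    """Return (line_number, program, offset_minutes) for stamps ahead of later lines.

    The daemon appends in arrival order, so a stamp that is later than the stamp
    of a following line did not come from the daemon's own clock. A forward jump
    that later lines continue from (a quiet period) is not flagged.
    """
    parsed = [(n, parse_prefix(text, year)) for n, text in enumerate(lines, 1)]
    hits, earliest_later = [], None
    for n, entry in reversed(parsed):  # walk backwards, tracking the minimum stamp seen
        if entry is None:
            continue
        ts, prog = entry
        if earliest_later is not None and ts - earliest_later > tolerance:
            quarters = round((ts - earliest_later) / timedelta(minutes=15))
            hits.append((n, prog, quarters * 15))
        earliest_later = ts if earliest_later is None else min(earliest_later, ts)
    return hits[::-1]

# Constructed sample: line 2 comes from a process whose TZ is six hours ahead of the host's.
SAMPLE = """\
Feb 26 13:46:40 gw1 sshd[2211]: Accepted publickey for ops from 192.0.2.10 port 51514 ssh2
Feb 26 19:46:41 gw1 su: pam_unix(su:session): session opened for user root by ops(uid=1000)
Feb 26 13:46:45 gw1 sshd[2211]: pam_unix(sshd:session): session closed for user ops
Feb 26 13:47:02 gw1 sshd[2230]: Failed password for invalid user test from 192.0.2.77 port 40022 ssh2
""".splitlines()

if __name__ == "__main__":
    for n, prog, minutes in future_entries(SAMPLE, 2010):
        print(f"line {n}: {prog} stamp is about {minutes} minutes ahead of later entries")
```

Stamps that are behind the host's local time are not covered here; they would make the lines written before them look ahead instead.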


