[123038] in North American Network Operators' Group


Re: Future timestamps in /var/log/secure

daemon@ATHENA.MIT.EDU (Seth Mattinen)
Fri Feb 26 14:52:36 2010

Date: Fri, 26 Feb 2010 11:52:22 -0800
From: Seth Mattinen <sethm@rollernet.us>
To: nanog@nanog.org
In-Reply-To: <1267213601.3736.1.camel@petrie>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 2/26/2010 11:46, William Pitcock wrote:
> On Fri, 2010-02-26 at 19:30 +0000, gordon b slater wrote:
>> On Fri, 2010-02-26 at 13:17 -0600, William Pitcock wrote:
>>> The syslog message sent to the local unix socket (/dev/log
>>> or /dev/syslog) may contain a timestamp, in which case, that timestamp
>>> may be used instead of the local time.  As the syslog protocol defines
>>> that timestamps are localtime, without any specification of what
>>> timezone localtime actually is, the TZ environment variable of the
>>> application calling syslog() will affect the timestamp placed in the
>>> log.
>>
>> aha! there you go, mine doesn't but maybe yours does?
> 
> The specification for the syslog protocol is that timestamps embedded in
> the message should be used instead of syslogd's time.  Most syslog
> daemons as a result apply this concept to both local and remote
> messages.
> 
> You have to keep in mind that syslogd can also send/receive messages
> to/from remote destinations.
> 

It's easier to see these timezone issues when using an ISO timestamp
like "2010-02-26T06:26:17-08:00" instead of the old style that omits the
timezone.

~Seth
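
Added example, not part of the original message or of any syslog daemon: a Python check that flags future-dated entries in a log such as /var/log/secure and marks zone-less timestamps that are off by close to a whole number of hours, the pattern the TZ mismatch described above produces. The function names, the 5-minute tolerance and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Old style "Feb 26 14:26:17": no year, no timezone.
BSD = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}) (.*)$")
# ISO style "2010-02-26T06:26:17-08:00": the offset is part of the stamp.
ISO = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2}) (.*)$")

def parse_line(line, year, assumed_tz):
    """Return (aware datetime, tz_known, rest of line), or None."""
    m = ISO.match(line)
    if m:
        return datetime.fromisoformat(m.group(1)), True, m.group(2)
    m = BSD.match(line)
    if m is None:
        return None
    # Assumption: the entry belongs to `year` (no rollover handling) and to
    # assumed_tz; the writer's real TZ is not recorded in the line.
    naive = datetime.strptime(f"{year} {m.group(1)} {m.group(2)} {m.group(3)}",
                              "%Y %b %d %H:%M:%S")
    return naive.replace(tzinfo=assumed_tz), False, m.group(4)

def find_future(lines, now, assumed_tz, tolerance=timedelta(minutes=5)):
    """List (rest, skew_hours, tz_suspect) for entries stamped after `now`."""
    findings = []
    for line in lines:
        parsed = parse_line(line, now.year, assumed_tz)
        if parsed is None:
            continue
        stamp, tz_known, rest = parsed
        skew = stamp - now
        if skew <= tolerance:
            continue
        hours = round(skew.total_seconds() / 3600)
        # Zone-less and off by ~N whole hours: likely a writer with a different TZ.
        near_whole_hour = abs(skew - timedelta(hours=hours)) <= tolerance
        findings.append((rest, hours, not tz_known and hours != 0 and near_whole_hour))
    return findings

# Constructed sample: log host is UTC-8, lines collected at 06:30 local time.
PST = timezone(timedelta(hours=-8))
NOW = datetime(2010, 2, 26, 6, 30, 0, tzinfo=PST)
SAMPLE = [
    "Feb 26 06:26:17 host sshd[1001]: session opened for alice",
    "Feb 26 14:26:17 host sshd[1002]: session opened for bob",  # writer had TZ=UTC
    "2010-02-26T14:26:17+00:00 host sshd[1003]: session opened for carol",
    "Feb 26 09:47:00 host sshd[1004]: session opened for dave",  # clock is wrong
]
print(find_future(SAMPLE, NOW, PST))
```

The bob and carol lines describe the same instant; only the zone-less one is reported as 8 hours in the future, while the ISO line with its explicit offset is not flagged.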

