Re: Future timestamps in /var/log/secure

[Brielle Bruns <bruns () 2mbit com>]

On 2/26/10 11:20 AM, Wade Peacock wrote:
> I found a while ago in /var/log/secure that for an invalid ssh login
> attempt the ssh Bye Bye line is in the future. I have searched the web
> and can not find a reason for the future time in the log.
>
> Here is a sample. Repeated lines are shown once in first part
>
>
> Feb 26 17:50:38 mx sshd[19115]: Received disconnect from
> 210.212.145.152: 11: Bye Bye
> Feb 26 17:50:38 mx sshd[19118]: Received disconnect from
> 210.212.145.152: 11: Bye Bye
> Feb 26 09:52:39 mx proftpd[17297]: mx.example.com
> (208.xxx.xxx.xxx[208.xxx.xxx.xxx]) - FTP no transfer timeout, disconnected
>
> Can anyone explain the future time stamp on the Bye Bye lines?
>
> OS is Centos 5.4, FYI



Isn't the timestamps inserted by syslog rather then the reporting 
program itself?

What syslog do you use - classic (ie: sysklogd) or a modern one like 
rsyslog?  It almost looks like the timezone got changed from local to 
GMT or similar, then swapped back (as odd as it may sound).

Perhaps time to file a bug report with the author of the syslog daemon 
you use?


--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org    /     http://www.ahbl.org