Re: Future timestamps in /var/log/secure

[Seth Mattinen <sethm () rollernet us>]

On 2/26/2010 11:46, William Pitcock wrote:
> On Fri, 2010-02-26 at 19:30 +0000, gordon b slater wrote:
> > On Fri, 2010-02-26 at 13:17 -0600, William Pitcock wrote:
> > > The syslog message sent to the local unix socket (/dev/log
> > > or /dev/syslog) may contain a timestamp, in which case, that timestamp
> > > may be used instead of the local time.  As the syslog protocol defines
> > > that timestamps are localtime, without any specification of what
> > > timezone localtime actually is, the TZ environment variable of the
> > > application calling syslog() will affect the timestamp placed in the
> > > log.
> >
> > aha! there you go, mine doesn't but maybe yours does?
>
> The specification for the syslog protocol is that timestamps embedded in
> the message should be used instead of syslogd's time.  Most syslog
> daemons as a result apply this concept to both local and remote
> messages.
>
> You have to keep in mind that syslogd can also send/receive messages
> to/from remote destinations.

It's easier to see these timezone issues when using an ISO timestamp
like "2010-02-26T06:26:17-08:00" instead of the old style that omits the
timezone.

~Seth