From owner-freebsd-questions@FreeBSD.ORG Tue Oct 4 08:39:10 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 03B77106564A for ; Tue, 4 Oct 2011 08:39:10 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3fd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id 6A71F8FC0A for ; Tue, 4 Oct 2011 08:39:09 +0000 (UTC) Received: from seedling.local (seedling.black-earth.co.uk [81.187.76.163]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id p948cslD006736 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Tue, 4 Oct 2011 09:38:54 +0100 (BST) (envelope-from m.seaman@infracaninophile.co.uk) X-DKIM: Sendmail DKIM Filter v2.8.3 smtp.infracaninophile.co.uk p948cslD006736 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infracaninophile.co.uk; s=201001-infracaninophile; t=1317717534; bh=UiiRmC0Y0bQ+6tHih2OTp/0cdo7Dv1oJOeSEuQX4ljo=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Cc:Content-Type:Date:From:In-Reply-To: Message-ID:Mime-Version:References:To; z=Message-ID:=20<4E8AC616.4000904@infracaninophile.co.uk>|Date:=20T ue,=2004=20Oct=202011=2009:38:46=20+0100|From:=20Matthew=20Seaman= 20|User-Agent:=20Mozilla/5.0=20(M acintosh=3B=20Intel=20Mac=20OS=20X=2010.6=3B=20rv:7.0.1)=20Gecko/2 0110929=20Thunderbird/7.0.1|MIME-Version:=201.0|To:=20Janos=20Doha nics=20|CC:=20FreeBSD=20Questions=20|Subject:=20Re:=20Timestamps=20shifted=20by=2 08=20hours|References:=20<20111004002910.4c134251.web@3dresearch.c om>|In-Reply-To:=20<20111004002910.4c134251.web@3dresearch.com>|X- Enigmail-Version:=201.3.2|OpenPGP:=20id=3D60AE908C|Content-Type:=2 0multipart/signed=3B=20micalg=3Dpgp-sha1=3B=0D=0A=20protocol=3D"ap plication/pgp-signature"=3B=0D=0A=20boundary=3D"------------enig76 7FF060820A345459E6ECA8"; b=lq0DJ+PwawM/sH4gVZ74AUWsay9Id++YwNhngsTZu6TnPYYpCUq11vKzBBN2OypG1 Z/flRoIeJ6+2zpJ+6UkJyYq16WC02spfr3zFJC4QshnaZmuPKYB033HGbL+QubuKuF AHHpPYN/g9pNUpZMdhKEEdTMHFL88u3MdD0wEdZw= X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host seedling.black-earth.co.uk [81.187.76.163] claimed to be seedling.local Message-ID: <4E8AC616.4000904@infracaninophile.co.uk> Date: Tue, 04 Oct 2011 09:38:46 +0100 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 MIME-Version: 1.0 To: Janos Dohanics References: <20111004002910.4c134251.web@3dresearch.com> In-Reply-To: <20111004002910.4c134251.web@3dresearch.com> X-Enigmail-Version: 1.3.2 OpenPGP: id=60AE908C Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig767FF060820A345459E6ECA8" X-Virus-Scanned: clamav-milter 0.97.2 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_FAIL autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk Cc: FreeBSD Questions Subject: Re: Timestamps shifted by 8 hours X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Oct 2011 08:39:10 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig767FF060820A345459E6ECA8 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 04/10/2011 05:29, Janos Dohanics wrote: > I have pfSense-2.0 for gateway/firewall (10.10.10.2). >=20 > 10.10.10.2 logs to 10.10.10.252, which runs FreeBSD 7.4-STABLE. >=20 > 10.10.10.252 is the ntpd server for this LAN. >=20 > On 10.10.10.2: >=20 > date = =20 > Tue Oct 4 00:00:42 EDT 2011 >=20 > On 10.10.10.252: >=20 > $date > Tue Oct 4 00:00:50 EDT 2011 > (just after logging out of 10.10.10.2, so they seem to be in sync) >=20 > However, timestamps in pfsense.log, residing on 10.10.10.252, are > shifted by 8 hours, for example: >=20 > $ tail -f /var/log/pfsense.log > Oct 4 09:00:01 10.10.10.2 pf: 00:00:00.748775 rule 1/0(match): [...] > ^^^^^^^^ >=20 > I guess I should read some man page... I'd say this is probably the standard thing about the system clock running UTC vs running wall-clock time. But 8 hours is /twice/ the difference between EDT and UTC -- which is suspicious. For dedicated FreeBSD machines I'd recommend running the system clock in UTC. That avoids a lot of pointless conversion between timezones when running ntpd (NTP basically works in UTC internally). So long as the file /etc/wall_cmos_clock *doesn't* exist the system clock assumes UTC -- see adjkerntz(8) for the details of how it all works. Also check the localtime setup with tzsetup(8). If you remove (or, indeed, add) /etc/wall_cmos_clock then your NTP system is suddenly going to find itself several hours out of synch. It will simply give up and collapse in a heap when this happens, so you will need to fix the system time and restart ntpd. There's more than one way to do that. * You can use date(1) to set the right time to within a minute or so, and then start ntpd. * You can use ntpdate(8) to step the clock into synch with NTP servers on the net by running 'etc/rc.d/ntpdate start' Note this is deprecated upstream by the ntp project because of the arbitrary changes it can make to the systems idea of the time of day. Computers really don't handle time going backwards gracefully. * Probably the preferred mechanism nowadays. Ensure you have 'ntpd_sync_on_start=3D"YES"' in /etc/rc.conf and just restart ntpd. This turns off the sanity checking on how far out the clock is allowed to be initially, so ntpd will slew the clock as far as it needs to get into synch. It only works like that immediately after restart. Use 'ntpd -q' to monitor how well your system is coming into synch with the NTP servers on your net. You don't say if your NTP server is a FreeBSD box or not, but the same arguments apply to any Unix-oid OS and you should make the same sort of checks there too, as well as on your firewall. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matthew@infracaninophile.co.uk Kent, CT11 9PW --------------enig767FF060820A345459E6ECA8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6Kxh0ACgkQ8Mjk52CukIw93wCggbWVn4SAhfxdwAzyELZ2ef3I eesAn0gCqA1HaMJ0bhpzwBbMzvEnet4Q =cwtn -----END PGP SIGNATURE----- --------------enig767FF060820A345459E6ECA8--