Date: Sat, 8 Jun 2002 17:51:13 -0700
From: "Crist J. Clark" <crist.clark@attbi.com>
To: Antoine Beaupre <anarcat@anarcat.ath.cx>
Cc: Aragon Gouveia <aragon@phat.za.net>, freebsd-stable@FreeBSD.ORG
Subject: Re: out of place syslog entries
Message-ID: <20020608175113.C53255@blossom.cjclark.org>
In-Reply-To: <1AAD6C34-7A1C-11D6-8281-0050E4A0BB3F@anarcat.ath.cx>; from anarcat@anarcat.ath.cx on Fri, Jun 07, 2002 at 09:40:17AM -0400
References: <20020606142843.D93321@blossom.cjclark.org> <1AAD6C34-7A1C-11D6-8281-0050E4A0BB3F@anarcat.ath.cx>
On Fri, Jun 07, 2002 at 09:40:17AM -0400, Antoine Beaupre wrote:
> As a side note.. Why does syslog "trust" the time submitted by the
> client? Should syslogd add those dates instead of syslog() call?
>
> Just wondering.

A syslog message has potentially crossed multiple networks and
forwarders by the time it reaches the final server. The time it takes
to go from client to server may be non-negligible. The timestamp of the
server may not be accurate enough for certain uses. There is also the
case of a single client sending messages to multiple servers. It would
be weird to have different timestamps on the same message at each
server.

If you want to get server timestamps in addition to the one provided
by the client, it's not much work to get syslogd(8) to add another
timestamp of its own. Of course log entries like,

Jun 8 16:33:58 Jun 8 16:33:58 <local0.warn> buttercup ipmon[42]: 16:33:57.990246 de0 @0:5 b 68.60.184.121,4435 -> 12.234.91.48,1433 PR tcp len 20 48 -S 1408909047 0 16384 IN

would look like they are obsessing a bit over the time. ;)
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
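
The double-timestamp idea from the message above, as an added example that is not part of the original post and is not FreeBSD syslogd code: a receiver keeps the client's RFC 3164 timestamp, prepends its own receive time, and flags large disagreement between the two. The names `restamp` and `client_time`, the 5-minute threshold, the numeric `<PRI>` rendering and the sample messages are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# RFC 3164 header: "<PRI>Mmm dd hh:mm:ss rest"; single-digit days are space-padded.
HEADER = re.compile(r"<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (.*)")

def client_time(stamp, received):
    """Parse the year-less client timestamp, picking the year nearest `received`."""
    candidates = []
    for year in (received.year - 1, received.year, received.year + 1):
        try:
            candidates.append(datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"))
        except ValueError:  # impossible date, or "Feb 29" in a non-leap year
            continue
    return min(candidates, key=lambda t: abs(t - received)) if candidates else None

def restamp(raw, received, max_skew=timedelta(minutes=5)):
    """Return (line, skew): server time first, client time kept, skew flagged."""
    # Neutralise control characters so a message cannot forge extra log lines.
    raw = re.sub(r"[\x00-\x1f\x7f]", " ", raw.strip())
    server = f"{received:%b} {received.day:2d} {received:%H:%M:%S}"
    m = HEADER.fullmatch(raw)
    sent = client_time(m.group(2), received) if m else None
    if sent is None:
        # No usable client time: the server's receive time is all we have.
        return f"{server} [no-client-time] {raw}", None
    skew = received - sent  # positive: message arrived late or client clock is slow
    flag = f" [skew {int(skew.total_seconds()):+d}s]" if abs(skew) > max_skew else ""
    return f"{server} {m.group(2)}{flag} <{m.group(1)}> {m.group(3)}", skew

if __name__ == "__main__":
    # Constructed sample: PRI 132 is facility local0 (16), severity warning (4).
    msg = "<132>Jun  8 16:33:57 buttercup ipmon[42]: constructed test message"
    for when in (datetime(2002, 6, 8, 16, 33, 58), datetime(2002, 6, 8, 18, 0, 0)):
        print(restamp(msg, when)[0])
```

Keeping both values lets an analyst order events by the sender's clock while still detecting a client whose clock is wrong or whose timestamps were altered in transit.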
