From owner-freebsd-stable Sat Jun 8 17:51:29 2002 Delivered-To: freebsd-stable@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id 085D637B406 for ; Sat, 8 Jun 2002 17:51:25 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020609005121.TWBW2751.rwcrmhc52.attbi.com@blossom.cjclark.org>; Sun, 9 Jun 2002 00:51:21 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g590pD162716; Sat, 8 Jun 2002 17:51:13 -0700 (PDT) (envelope-from crist.clark@attbi.com) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Sat, 8 Jun 2002 17:51:13 -0700 From: "Crist J. Clark" To: Antoine Beaupre Cc: Aragon Gouveia , freebsd-stable@FreeBSD.ORG Subject: Re: out of place syslog entries Message-ID: <20020608175113.C53255@blossom.cjclark.org> Reply-To: "Crist J. Clark" References: <20020606142843.D93321@blossom.cjclark.org> <1AAD6C34-7A1C-11D6-8281-0050E4A0BB3F@anarcat.ath.cx> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <1AAD6C34-7A1C-11D6-8281-0050E4A0BB3F@anarcat.ath.cx>; from anarcat@anarcat.ath.cx on Fri, Jun 07, 2002 at 09:40:17AM -0400 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Jun 07, 2002 at 09:40:17AM -0400, Antoine Beaupre wrote: > As a side note.. Why does syslog "trust" the time submitted by the > client? Should syslogd add those dates instead of syslog() call? > > Just wondering. A syslog message has potentially crossed multiple networks and forwarders by the time it reaches the final server. The time it takes to go from client to server may be non-negligible. The timestamp of the server may not be accurate enough for certain uses. There is also the case of a single client sending messages to multiple servers. It would be weird to have different timestamps on the same message at each server. If you want to get server timestamps in addition to the one provided by the client, it's not much work to get syslogd(8) to add another timestamp of its own. Of course log entries like, Jun 8 16:33:58 Jun 8 16:33:58 buttercup ipmon[42]: 16:33:57.990246 de0 @0:5 b 68.60.184.121,4435 -> 12.234.91.48,1433 PR tcp len 20 48 -S 1408909047 0 16384 IN Would look like they are obsessing a bit over the time. ;) -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message