Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 4 Oct 2011 09:50:26 -0400
From:      Janos Dohanics <web@3dresearch.com>
To:        Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Timestamps shifted by 8 hours
Message-ID:  <20111004095026.69839e89.web@3dresearch.com>
In-Reply-To: <4E8AC616.4000904@infracaninophile.co.uk>
References:  <20111004002910.4c134251.web@3dresearch.com> <4E8AC616.4000904@infracaninophile.co.uk>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 04 Oct 2011 09:38:46 +0100
Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote:

> On 04/10/2011 05:29, Janos Dohanics wrote:
> > I have pfSense-2.0 for gateway/firewall (10.10.10.2).
> > 
> > 10.10.10.2 logs to 10.10.10.252, which runs FreeBSD 7.4-STABLE.
> > 
> > 10.10.10.252 is the ntpd server for this LAN.
> > 
> > On 10.10.10.2:
> > 
> > date                                                                                
> > Tue Oct  4 00:00:42 EDT 2011
> > 
> > On 10.10.10.252:
> > 
> > $date
> > Tue Oct  4 00:00:50 EDT 2011
> > (just after logging out of 10.10.10.2, so they seem to be in sync)
> > 
> > However, timestamps in pfsense.log, residing on 10.10.10.252, are
> > shifted by 8 hours, for example:
> > 
> > $ tail -f /var/log/pfsense.log
> > Oct  4 09:00:01 10.10.10.2 pf: 00:00:00.748775 rule 1/0(match):
> > [...] ^^^^^^^^
> > 
> > I guess I should read some man page...

Thank you for your reply.

> I'd say this is probably the standard thing about the system clock
> running UTC vs running wall-clock time.  But 8 hours is /twice/ the
> difference between EDT and UTC -- which is suspicious.

Actually, it's 9 hours, not 8.

Just looked in /var/log/filter.log residing on 10.10.10.2. Timestamps
are ahead by 9 hours. However, date shows the correct time (correct to
a few seconds).

On the other hand, /var/log/system.log shows correct timestamps.

So, I asked the wrong question. The question I should be asking is: Why
are timestamps wrong in /var/log/filter.log even though date shows the
correct time? However, this question I should ask the pfSense list...

> For dedicated FreeBSD machines I'd recommend running the system clock
> in UTC.  That avoids a lot of pointless conversion between timezones
> when running ntpd (NTP basically works in UTC internally).  So long
> as the file /etc/wall_cmos_clock *doesn't* exist the system clock
> assumes UTC
> -- see adjkerntz(8) for the details of how it all works.  Also check
> the localtime setup with tzsetup(8).
> 
> [...]
> 
> You don't say if your NTP server is a FreeBSD box or not, but the same
> arguments apply to any Unix-oid OS and you should make the same sort
> of checks there too, as well as on your firewall.

It is, but doesn't seem to be relevant to the problem.

Thank you again,

-- 
Janos Dohanics



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111004095026.69839e89.web>