Date: Tue, 04 Oct 2011 09:38:46 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Janos Dohanics <web@3dresearch.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Timestamps shifted by 8 hours
Message-ID: <4E8AC616.4000904@infracaninophile.co.uk>
In-Reply-To: <20111004002910.4c134251.web@3dresearch.com>
References: <20111004002910.4c134251.web@3dresearch.com>

On 04/10/2011 05:29, Janos Dohanics wrote:
> I have pfSense-2.0 for gateway/firewall (10.10.10.2).
>
> 10.10.10.2 logs to 10.10.10.252, which runs FreeBSD 7.4-STABLE.
>
> 10.10.10.252 is the ntpd server for this LAN.
>
> On 10.10.10.2:
>
> date
> Tue Oct 4 00:00:42 EDT 2011
>
> On 10.10.10.252:
>
> $date
> Tue Oct 4 00:00:50 EDT 2011
> (just after logging out of 10.10.10.2, so they seem to be in sync)
>
> However, timestamps in pfsense.log, residing on 10.10.10.252, are
> shifted by 8 hours, for example:
>
> $ tail -f /var/log/pfsense.log
> Oct 4 09:00:01 10.10.10.2 pf: 00:00:00.748775 rule 1/0(match): [...]
>       ^^^^^^^^
>
> I guess I should read some man page...

I'd say this is probably the standard thing about the system clock
running UTC vs running wall-clock time. But 8 hours is /twice/ the
difference between EDT and UTC -- which is suspicious.

For dedicated FreeBSD machines I'd recommend running the system clock
in UTC. That avoids a lot of pointless conversion between timezones
when running ntpd (NTP basically works in UTC internally). So long as
the file /etc/wall_cmos_clock *doesn't* exist the system clock assumes
UTC -- see adjkerntz(8) for the details of how it all works. Also check
the localtime setup with tzsetup(8).

If you remove (or, indeed, add) /etc/wall_cmos_clock then your NTP
system is suddenly going to find itself several hours out of synch. It
will simply give up and collapse in a heap when this happens, so you
will need to fix the system time and restart ntpd. There's more than
one way to do that.

  * You can use date(1) to set the right time to within a minute or so,
    and then start ntpd.

  * You can use ntpdate(8) to step the clock into synch with NTP
    servers on the net by running '/etc/rc.d/ntpdate start'. Note this
    is deprecated upstream by the ntp project because of the arbitrary
    changes it can make to the system's idea of the time of day.
    Computers really don't handle time going backwards gracefully.

  * Probably the preferred mechanism nowadays. Ensure you have
    'ntpd_sync_on_start="YES"' in /etc/rc.conf and just restart ntpd.
    This turns off the sanity checking on how far out the clock is
    allowed to be initially, so ntpd will slew the clock as far as it
    needs to get into synch. It only works like that immediately after
    restart.

Use 'ntpd -q' to monitor how well your system is coming into synch with
the NTP servers on your net.

You don't say if your NTP server is a FreeBSD box or not, but the same
arguments apply to any Unix-oid OS and you should make the same sort of
checks there too, as well as on your firewall.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
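
The 8-hour shift discussed above, checked in code. This is an added example, not part of the original message: it compares a BSD-syslog timestamp (which carries no year and no zone) with the log host's wall-clock time and reports the skew as a multiple of the host's UTC offset. The function names, the fixed EDT offset and the receive times are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the thread's EDT modelled as a fixed UTC-4 offset.
EDT = timezone(timedelta(hours=-4), "EDT")

def parse_stamp(line, near):
    """Parse a BSD-syslog stamp ('Oct 4 09:00:01': no year, no zone),
    choosing the year that puts it closest to the naive datetime `near`."""
    month, day, clock = line.split()[:3]
    candidates = []
    for year in (near.year - 1, near.year, near.year + 1):
        try:
            candidates.append(datetime.strptime(
                f"{year} {month} {day} {clock}", "%Y %b %d %H:%M:%S"))
        except ValueError:      # e.g. 'Feb 29' in a non-leap year
            continue
    if not candidates:
        raise ValueError(f"no syslog timestamp in: {line!r}")
    return min(candidates, key=lambda c: abs(c - near))

def classify_skew(line, received_at, tolerance=timedelta(minutes=5)):
    """Compare a log line's stamp with the receiver's wall-clock time
    (`received_at`, timezone-aware) and express the skew as a multiple of
    the receiver's UTC offset when it is one."""
    local = received_at.replace(tzinfo=None)
    skew = parse_stamp(line, local) - local
    offset = abs(received_at.utcoffset())
    hours = round(skew.total_seconds() / 3600, 2)
    if abs(skew) <= tolerance:
        return {"skew_hours": hours, "multiple": 0, "verdict": "in sync"}
    if offset:
        ratio = skew / offset                      # timedelta / timedelta
        if abs(ratio - round(ratio)) * offset <= tolerance:
            return {"skew_hours": hours, "multiple": round(ratio),
                    "verdict": "zone-offset skew: check UTC vs wall-clock settings"}
    return {"skew_hours": hours, "multiple": None,
            "verdict": "not a zone multiple: check the clock or ntpd"}

if __name__ == "__main__":
    # Receive time is constructed; the first line is the one quoted above.
    received = datetime(2011, 10, 4, 1, 0, 3, tzinfo=EDT)
    for sample in (
        "Oct 4 09:00:01 10.10.10.2 pf: 00:00:00.748775 rule 1/0(match): [...]",
        "Oct 4 05:00:01 10.10.10.2 pf: constructed line stamped in UTC",
        "Oct 4 01:00:01 10.10.10.2 pf: constructed line stamped correctly",
    ):
        print(classify_skew(sample, received))
```

A multiple of 1 is the plain UTC-versus-local case; the quoted pfsense.log line comes out at 2, the doubled offset the reply flags as suspicious.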