Linux – Wrong timestamps in /var/log/messages

linuxloggingopensusesyslogtimezone

The /var/log/messages file on an openSUSE 11.2 server shows invalid timestamps. Specifically, the timezone seems to be off for whatever process manages this file. I am unsure whether the times are supposed to be in UTC or in the server's local timezone, but currently they are in neither.

Example: UTC time is 8:14, which would be 9:14 in server local time, but a newly added line in /var/log/messages has a timestamp of 7:14. I am suspecting this to be the reason fail2ban does not ban anybody.

Different processes are adding lines to the log file, for instance cron and sshd, and both have invalid timestamps. The server's time has been updated and the server has not been restarted since, so could this possibly be a reason for the invalid timestamps?

Best Answer

Do you have NTP installed??

Are you using a UTC clock with the correct timezone?

Note: Im in Europe ( so i know that im +1 on UTC )

You should only have to set the time correctly (perhaps restarting a daemon or two )

Related Solutions

Linux – the central syslog server appears to discard remote messages

I wasn't clear if you configured syslog on all of your clients or not. Your tcpdump seems to show inbound syslog traffic, but you might want check that you aren't simply seeing traffic from one remote syslog client. Be sure that Syslogd is configured on each client machine as well. You need to add a line which looks something like this, where syslog.example.org is your syslog server:

# Log all messages to central syslog server
*.*     @syslog.example.org

To verify this is working, use the logger(1) utility. I run a command like this on all of my machines in one window, often in a loop like for HOST in ALLOFMYHOSTS; do ssh $HOST 'logger'.....

logger -t stefantest stefantest1

Then in a separate window connected to the syslog, I do a tail -f /var/log/YOURLOGFILE |grep stefantest. This will confirm if syslog itself is working from each host or not. Then, go from there.

Ubuntu – How to log iptables in Ubuntu just in /var/log/firewall with rsyslogd

Use a discard action after the iptables log, but before the other logs.

kern.warning   /var/log/firewall.log
kern.warning   ~
*.*            /var/log/messages

Best Answer

Related Solutions

Linux – the central syslog server appears to discard remote messages

Ubuntu – How to log iptables in Ubuntu just in /var/log/firewall with rsyslogd

Related Topic