I am in the process of developing a high-security timestamping regiment with NIST specifically to address the management of time data running inside a system's clock. This is complete with a PKI infrastructure and it will create evidentiary content for logging systems and the like.

Todd Glassey

----- Original Message -----
From: "David Douthitt" <ssrat@mailbag.com>
To: <syslog-ng@lists.balabit.hu>
Sent: Friday, August 03, 2001 12:55 PM
Subject: Re: [syslog-ng]timestamp issues

Mickey Everts wrote:
How is it possible to have out of order time stamps? My first thought would be that somehow the device itself is sending the timestamp.

That is the fact. The syslog entry contains the time from the source generating the syslog message.

Aug 2 15:11:24 ap01.yipes.com KERN: NV:Completed configuration save (secondary) operation
Aug 2 15:10:47 t3-0-2-0.jp02.yipes.com mgd[13087]: UI_JUNOSCRIPT_ERROR: junoscript error: syntax error, expecting <command>
Aug 2 15:11:26 t3-0-2-0.jp02.yipes.com mgd[13087]: UI_CMDLINE_READ_LINE: user 'auser', command 'start shell '

In this case, the time on ap01.yipes.com is ahead of that on t3-0-2-0.jp02.yipes.com. The best way to fix this is to run NTP (Network Time Protocol) on all of the servers; I recommend appointing one machine to be ntp.yipes.com, synchronizing it to some Internet NTP server, and letting your entire company synchronize to ntp.yipes.com.

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
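
Added example, not part of the original thread or of syslog-ng: a small checker that runs over the three entries quoted above in collector order and reports where a source-supplied timestamp goes backwards, and whether each host is consistent with itself. The function names and the year 2001 (taken from the message date, since the syslog header carries no year) are assumptions.

```python
import re
from datetime import datetime

# RFC 3164-style header: "Mmm d HH:MM:SS host message"
LINE_RE = re.compile(r"^(\w{3})\s+(\d{1,2})\s+(\d{2}:\d{2}:\d{2})\s+(\S+)\s+(.*)$")

# The three entries quoted in the thread, in the order the collector wrote them.
SAMPLE = [
    "Aug 2 15:11:24 ap01.yipes.com KERN: NV:Completed configuration save (secondary) operation",
    "Aug 2 15:10:47 t3-0-2-0.jp02.yipes.com mgd[13087]: UI_JUNOSCRIPT_ERROR: junoscript error: syntax error, expecting <command>",
    "Aug 2 15:11:26 t3-0-2-0.jp02.yipes.com mgd[13087]: UI_CMDLINE_READ_LINE: user 'auser', command 'start shell '",
]

def parse(line, year=2001):
    """Return (timestamp, host); the year is an assumption, the header has none."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"not a syslog line: {line!r}")
    mon, day, clock, host, _msg = m.groups()
    ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    return ts, host

def find_regressions(lines, year=2001):
    """Flag entries stamped earlier than the latest stamp already written."""
    out, latest, latest_host = [], None, None
    for i, line in enumerate(lines):
        ts, host = parse(line, year)
        if latest is not None and ts < latest:
            # (line index, lagging host, host whose stamp is ahead, seconds behind)
            out.append((i, host, latest_host, int((latest - ts).total_seconds())))
        else:
            latest, latest_host = ts, host
    return out

def hosts_in_order(lines, year=2001):
    """Map host -> True if that host's own entries never go backwards."""
    last, ok = {}, {}
    for line in lines:
        ts, host = parse(line, year)
        ok[host] = ok.get(host, True) and ts >= last.get(host, ts)
        last[host] = ts
    return ok

if __name__ == "__main__":
    for i, host, ahead, secs in find_regressions(SAMPLE):
        print(f"line {i}: {host} is stamped {secs}s before an earlier entry from {ahead}")
    print(hosts_in_order(SAMPLE))
```

The reported gap is only a lower bound on the disagreement between the two clocks, since delivery delay is mixed into it; each host being in order with itself is what points to clock offset between sources rather than reordering inside one source.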