On Fri, 2002-08-23 at 06:16, Chris Adams wrote: > On Thursday, August 22, 2002, at 10:20 , Bennett Todd wrote: > > And, if I ran the circus, the timestamps would be normalized to a > > reference timezone before I called 'em canon, and what's more the > > Very strong agreement on this point. I'd say Unix timestamp in GMT and > be done with it - translating to and from a Unix timestamp is hardly an > unusual or difficult task and it's much better to pick a well > established standard than deal with every weird calendar on the planet. Agreed! What would also be useful is some indication of the accuracy of the clock. We don't need this in every record but it would be useful in a file header. Also useful would be the ability to specify a time offset fot the log file, firstly to cope with files that are not UTC and secondly with inaccurate clocks where you happen to know the offset from some other source. This would help when loading files of log records into a database (or other process) for further analysis. -- Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand "It aint necessarily so" - Gershwin _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon Aug 26 2002 - 01:57:44 PDT