On Tue, Aug 27, 2002 at 02:57:39PM +1200, Russell Fulton wrote:
> 2/ Some machines are constantly sync'ed using NTP some sync'ed on boot,
> some are not sync'ed at all. Having that information included with the
> log file could be useful if at some time in the future you need to do
> correlations with other files. If you don't know how accurate the
> clocks are it is damn near impossible.

I'm not sure I understand you correctly, but are you commenting on how
syslog logs the timestamp according to the client instead of the server
for each record?

If that's so, use syslog-ng which allows you to override that so that each
syslog record has the current timestamp of the syslog server instead of
the time of the client:

    destination d_messages {
        file("/var/log/messages" template("$R_DATE $HOST $MSG\n") create_dirs(yes));
    };

We're running centralized logging systems world-wide. Without this
feature, our syslog messages would be next to useless.

Oh yeah - UTC is a Good Thing too! :-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
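
An added example, not part of the original message and not syslog-ng code: a Python sketch of what stamping on receipt buys a central collector. It rewrites each RFC 3164 record with the server's receipt time in UTC and keeps the gap to the client's claimed time as a per-host skew figure. The host names, sample records and the assumption that client clocks are meant to run on UTC are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 3164 header: "<PRI>Mmm dd hh:mm:ss host msg" (no year, no time zone).
HDR = re.compile(r"^<\d{1,3}>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")
UTC = timezone.utc

def restamp(raw, received):
    """Return (line, host, skew). `line` carries the server's receipt time in
    UTC; `skew` is receipt time minus the time the client claimed."""
    stamp_out = received.astimezone(UTC).strftime("%Y-%m-%dT%H:%M:%SZ")
    m = HDR.match(raw)
    if m is None:
        # Header unparseable: still stamp and keep the record, skew unknown.
        return f"{stamp_out} - {raw}", None, None
    stamp, host, msg = m.groups()
    # Assumption: client clocks are meant to run on UTC. The year is borrowed
    # from the receipt time because the client does not send one.
    sent = datetime.strptime(f"{received.year} {stamp}", "%Y %b %d %H:%M:%S")
    sent = sent.replace(tzinfo=UTC)
    if sent - received > timedelta(days=180):
        sent = sent.replace(year=sent.year - 1)  # sent in Dec, received in Jan
    return f"{stamp_out} {host} {msg}", host, received - sent

def worst_skew(records):
    """Map each host to its largest absolute skew in seconds."""
    worst = {}
    for raw, received in records:
        _line, host, skew = restamp(raw, received)
        if host is not None:
            worst[host] = max(worst.get(host, 0.0), abs(skew.total_seconds()))
    return worst

# Constructed sample: (raw datagram, server receipt time in UTC).
T = datetime(2002, 8, 27, 2, 57, 40, tzinfo=UTC)
SAMPLE = [
    ("<13>Aug 27 02:57:39 ntp-ok sshd[411]: session opened", T),
    ("<13>Aug 27 02:41:12 drifted su: session opened", T),
    ("<13>Dec 31 23:59:58 yearend cron[9]: job start",
     datetime(2003, 1, 1, 0, 0, 5, tzinfo=UTC)),
    ("no header at all", T),
]

if __name__ == "__main__":
    for raw, received in SAMPLE:
        print(restamp(raw, received)[0])
    print(worst_skew(SAMPLE))
```

Keeping the skew figure next to the receipt-stamped line addresses the quoted point as well: a host whose skew stays large is one whose own logs should not be trusted for correlation.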
This archive was generated by hypermail 2b30 : Wed Aug 28 2002 - 10:50:32 PDT