Re: [logs] reinventing syslog [was: Secure Central Log Host]

• Previous message: Devin Kowatch: "Re: [logs] SDSC Secure Syslog"
• In reply to: Ogle Ron (Rennes): "RE: [logs] reinventing syslog [was: Secure Central Log Host]"
• Next in thread: Rainer Gerhards: "RE: [logs] reinventing syslog [was: Secure Central Log Host]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Dec 06, 2002 at 01:07:16PM +0100, Ogle Ron (Rennes) wrote:
> The problem that we find working in a world wide environment is that syslog
> only processes logs in local time.  So even though the system is getting its
> time from a GMT time source, the syslog "corrects" the log output to GMT +
> timezone.  So when we collect these logs from around the world, we have to
> correct the log entries back to GMT time.  We've also experimented with
> moving all of the machines to GMT time.  The local admins don't like that
> option though.

Then use syslog-ng - it allows you to log in GMT if you wish:

destination d_messages {
  file("/var/log/messages"
  template("$R_DATE $HOST $MSG\n")
  };

In fact - I'd guess you can even log both the syslog server AND client
timestamps in the same record...

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Rainer Gerhards: "RE: [logs] reinventing syslog [was: Secure Central Log Host]"
• Previous message: Devin Kowatch: "Re: [logs] SDSC Secure Syslog"
• In reply to: Ogle Ron (Rennes): "RE: [logs] reinventing syslog [was: Secure Central Log Host]"
• Next in thread: Rainer Gerhards: "RE: [logs] reinventing syslog [was: Secure Central Log Host]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Dec 08 2002 - 19:16:47 PST