OpenSSH logging with GMT on Connection close?

Bill McGonigle bill at bfccomputing.com
Wed Aug 20 20:54:28 EDT 2008


On Aug 19, 2008, at 10:11, Kevin D. Clark wrote:

> This is a really weird problem.  I UTSL'd through the openssh-5.0p1
> code and I don't see any interesting differences between the
> login/logout code that uses syslog.

FWIW, I found a random page on google with somebody pointing out that  
this is probably the privilege separation part and the 'user' part  
doing different things.

> I thought about this quite a bit during my commute this morning and my
> best guess is that this might have something to do with how the TZ
> environment variable is configured in your environment?

Ah ... did you notice OpenSSH is using $TZ when you were UTSL'ing?   
Fedora doesn't appear to set TZ, at least in the init scripts.

> If you are using syslog-ng

not currently (I should... or rsyslog at least)

> does using use_time_recvd help?

I expect it would!

On Aug 19, 2008, at 10:55, Michael Pelletier wrote:

> Are all the syslog entries in GMT, or only the OpenSSH timestamps?  Do you
> have an example where an earlier entry shows a later time than a subsequent
> entry?

I think the snip I posted shows this - but perhaps I'm  
misunderstanding your question.

> Also, be sure that your system timezone is set correctly,

Ack.  I liked how distros used to symlink localtime to the correct  
timezone, but then people got (probably rightly) worried that /usr  
would be unavailable, so now I have /etc/localtime as a solitary  
file, which to further complicate matters is a binary blob (why, oh,  
why?).  If I run:

   zdump -v /etc/localtime

I get a bunch of rules for EST / EDT, so I think I have US/Eastern  
properly selected.  I did md5sum it, and then I md5summed the files  
in /usr/share/zoneinfo, and there's no match, which is interesting.   
Googling the md5sum of my /etc/localtime I see other people with the  
'New_York' file with the same sum, so probably something in Fedora  
isn't/didn't upgrade /etc/localtime last time a zonefile update came  
out.  Oops!

-Bill

-----
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
bill at bfccomputing.com		Cell: 603.252.2606
http://www.bfccomputing.com/    Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf
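
The check described in the message above (comparing /etc/localtime against the files under /usr/share/zoneinfo), as an added example that is not part of the original post. It compares bytes with `cmp` instead of comparing md5sum output, and the function name `match_localtime` is hypothetical.

```shell
#!/bin/sh
# Added example: report which zoneinfo file(s) /etc/localtime is a copy of.
# Usage: match_localtime [localtime_file] [zoneinfo_dir]
# Exit status: 0 = match found (or symlink), 1 = stale copy, 2 = cannot check.
match_localtime() {
    lt=${1:-/etc/localtime}
    zdir=${2:-/usr/share/zoneinfo}

    [ -r "$lt" ] || { echo "cannot read $lt" >&2; return 2; }
    [ -d "$zdir" ] || { echo "no such directory: $zdir" >&2; return 2; }

    # A symlink already names its zone; report the target and stop.
    if [ -L "$lt" ]; then
        echo "symlink: $(readlink "$lt")"
        return 0
    fi

    # Byte-compare the copy against every regular file in the zone database.
    matches=$(find "$zdir" -type f -exec cmp -s "$lt" {} \; -print | sort)

    # No match means the copy predates (or differs from) the installed
    # zone data, which is the situation the message describes.
    if [ -z "$matches" ]; then
        echo "STALE: $lt matches no file under $zdir" >&2
        return 1
    fi

    # Print zone names relative to the database root, one per line.
    printf '%s\n' "$matches" | while IFS= read -r f; do
        echo "${f#"$zdir"/}"
    done
}
```

Several names can be printed for one file because the zone database ships the same data under aliases.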


