OpenSSH logging with GMT on Connection close?
Bill McGonigle
bill at bfccomputing.com
Wed Aug 20 20:54:28 EDT 2008
On Aug 19, 2008, at 10:11, Kevin D. Clark wrote:
> This is a really weird problem. I UTSL'd through the openssh-5.0p1
> code and I don't see any interesting differences between the
> login/logout code that uses syslog.
FWIW, I found a random page on google with somebody pointing out that
this is probably the privilege separation part and the 'user' part
doing different things.
> I thought about this quite a bit during my commute this morning and my
> best guess is that this might have something to do with how the TZ
> enviroment variable is configured in your environment?
Ah ... did you notice OpenSSH is using $TZ when you were UTSL'ing?
Fedora doesn't appear to set TZ, at least in the init scripts.
> If you are using syslog-ng
not currently (I should... or rsyslog at least)
> does using use_time_recvd help?
I expect it would!
On Aug 19, 2008, at 10:55, Michael Pelletier wrote:
> Are all the syslog entries in GMT, or only the OpenSSH timestamps?
> Do you
> have an example where an earlier entry shows a later time than a
> subsequent
> entry?
I think the snip I posted shows this - but perhaps I'm
misunderstanding your question.
> Also, be sure that your system timezone is set correctly,
Ack. I liked how distros used to symlink localtime to the correct
timezone, but then people got (probably rightly) worried that /usr
would be unavailable, so now I have /etc/localtime as a solitary
file, which to further complicate matters is a binary blob (why, oh,
why?). If I run:
zdump -v /etc/localtime
I get a bunch of rules for EST / EDT, so I think I have US/Eastern
properly selected. I did md5sum it, and then I md5summed the files
in /usr/share/zoneinfo, and there's no match, which is interesting.
Googling the md5sum of my /etc/localtime I see other people with the
'New_York' file with the same sum, so probably something in Fedora
isn't/didn't upgrade /etc/localtime last time a zonefile update came
out. Oops!
-Bill
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Cell: 603.252.2606
http://www.bfccomputing.com/ Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf
More information about the gnhlug-discuss
mailing list