From: Crist J. Clark (cristjcearthlink.net)
Date: Wed Dec 05 2001 - 15:44:25 CST


    On Wed, Dec 05, 2001 at 06:19:00PM +0100, Ogle Ron (Rennes) wrote:
    > We are trying to create a centralized log repository for our *nix systems
    > mostly of Solaris persuasion. The problem is that these systems are located
    > around the globe in different time zones. We would like the central
    > repository to collect the logs using GMT/UTC time.
    >
    > When syslog on the local machine sends a message to the central repository,
    > it sends the message using its own local time. This causes a problem when
    > trying to correlate data. We would like to change all entries in the
    > central repository to GMT/UTC time.
    >
    > It doesn't look like there are any switches available on the syslogd or
    > syslog.conf to make the local machine use GMT/UTC time instead of local time
    > for log entries. I'm currently looking at modifying the syslogd code to
    > allow for a switch that would allow the log program to use GMT/UTC time
    > instead of the local time.
    >
    > First, is this the right approach to use in changing syslogd?

    RFC3164 says that the TIMESTAMP is the source machine's local time. So
    this would actually break "the standard." But keep in mind RFC3164 is
    more of a documentation of how most syslogds currently work rather than
    a well thought out standard that was put down and the later syslogd
    implementations followed. (In hindsight, a UNIX epoch timestamp would
    be unambiguous and an even more simple data format to send.)

    -- 
    Crist J. Clark                     |     cjclarkalum.mit.edu
                                       |     cjclarkjhu.edu
    http://people.freebsd.org/~cjc/    |     cjcfreebsd.org
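
Added example, not part of the original thread: one way a central collector could convert RFC 3164 local-time stamps to UTC and epoch seconds on receipt, including the missing-year case. The host-to-zone table, host names and log lines are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed host -> zone table (assumption: the collector knows each sender's
# zone). Fixed offsets keep the sample offline; a zoneinfo.ZoneInfo object can
# be used in their place where DST matters.
HOST_TZ = {
    "rennes1": timezone(timedelta(hours=1)),
    "austin1": timezone(timedelta(hours=-6)),
}

# RFC 3164 header: optional <PRI>, "Mmm dd hh:mm:ss", HOSTNAME, then the message.
LINE_RE = re.compile(
    r"^(?:<\d{1,3}>)?([A-Z][a-z]{2}) ([ \d]\d) (\d\d:\d\d:\d\d) (\S+) (.*)$")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# Constructed sample lines, as two senders in different zones would emit them.
SAMPLE = [
    "<38>Dec  5 18:19:00 rennes1 sshd[411]: Failed password for root",
    "<38>Dec  5 11:19:02 austin1 sshd[902]: Failed password for root",
]


def to_utc(line, received_utc):
    """Return (utc_datetime, epoch_seconds, host, msg) for one RFC 3164 line."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not an RFC 3164 header: %r" % line)
    mon, day, hms, host, msg = m.groups()
    tz = HOST_TZ.get(host)
    if tz is None:
        raise KeyError("no zone configured for host %r" % host)
    h, mi, s = (int(x) for x in hms.split(":"))
    # The TIMESTAMP has no year: start from the receive year in the sender's zone.
    year = received_utc.astimezone(tz).year
    local = datetime(year, MONTHS[mon], int(day), h, mi, s, tzinfo=tz)
    # A stamp more than a day ahead of receipt belongs to the previous year
    # (for example "Dec 31" arriving just after New Year).
    if local - received_utc > timedelta(days=1):
        local = local.replace(year=year - 1)
    utc = local.astimezone(timezone.utc)
    return utc, int(utc.timestamp()), host, msg


if __name__ == "__main__":
    now = datetime(2001, 12, 5, 17, 19, 5, tzinfo=timezone.utc)
    for entry in SAMPLE:
        print(to_utc(entry, now))
```

Unknown hosts raise rather than fall back to the collector's own zone, so a missing table entry cannot silently skew correlation.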