Re: How to get syslog to log in GMT or any other time zone

On 31 Mar, 22:59, James Harris <james.harri...@xxxxxxxxxxxxxx> wrote:
I was slightly surprised to see the timestamps in syslog as follows
over the recent time change

Mar 29 00:58:01
Mar 29 00:59:01
Mar 29 02:00:01
Mar 29 02:00:25

Each line is followed by the server name and the log entry. Notably,
there's no indication of how the timezone changed.

Presumably this would be worse when the clocks change the other way in
that multiple entries would have the same time stamp.

I cannot find any way to change how sysklogd gets or formats its time.
Fixing logs to use GMT would be ideal.

Any ideas how to change the time zone in the logs? If relevant, this
is Ubuntu.

Thanks for the replies. I think I have a fix. In case anyone else
wants to do the same thing here is the solution.

I noticed (largely by guesswork) that the system date command takes
notice of a TZ environment variable.

$ echo $TZ

$ date
Wed Apr 1 11:15:58 BST 2009
$ export TZ=UTC
$ date
Wed Apr 1 10:16:16 UTC 2009
$

It turns out syslogd also honours the variable though this seems to be
undocumented. Anyway /etc/init.d/sysklogd contains this line

test ! -r /etc/default/syslogd || . /etc/default/syslogd

which picks up environment variables from the included file so I added
TZ=UTC to /etc/default/syslogd and restarted the daemon with

sudo /etc/init.d/sysklogd restart

Now the entries in syslog and other logs have the GMT time stamp.
Hopefully this should mean they remain stable when the clocks next
change.

James
.

Relevant Pages

  • Re: SBS SYSTEM But Oulook Question that I find scary! (Figured Out)
    ... The time stamp is the same when I tried it out... ... but creating two new emails like your 'before' and 'after' versions and examining the logs for them might show which was the real 'sent' one. ... Outlook will grudgingly show you the headers, but in a small window, and you still can't be sure it isn't hiding anything. ... Exporting an .eml file is about the best you can do, and I'm not absolutely certain you can do that from recent Outlooks. ...
    (microsoft.public.windows.server.sbs)
  • Re: [fw-wiz] syslog and network management
    ... Good idea to try a different syslogd. ... I don't need it to do any filtering (not by apps, ... recieve logs (checking to see if it needs to add host and timestamp to the ... we noticed a LOT of missing logs, when we changed to the default debian ...
    (Firewall-Wizards)
  • Re: [kde-linux] KDE 4.0.3 "Unable to load library" problem
    ... Yes, I use dedicated user account kde-devel, as advised in the tutorial. ... > Note that I list a *lot* of environment variables that need to be set. ... I set my LD_LIBRARY_PATH according to tutorial in my .bashrc file (included in my origial post along the build logs) ...
    (KDE)
  • syslogd: Could not completely output pending messages while preparing re-configuration
    ... Every 3:10 in the morning on Sunday, it logs: ... It seems like syslogd is buffering some of the output. ... # if a non-loghost machine chooses to have authentication messages ...
    (comp.unix.solaris)
  • Re: Prevent remote root logins
    ... autorized admins log on remotely with their personal accounts created ... Example: user evilguy, ... uid=0, copies a special syslogd to the box, kills and restarts syslogd ... you're cracked, and logging won't help you, because the logs are no ...
    (comp.os.linux.security)
Loading