3

The /var/log/messages file on an openSUSE 11.2 server shows invalid timestamps. Specifically, the timezone seems to be off for whatever process manages this file. I am unsure whether the times are supposed to be in UTC or in the server's local timezone, but currently they are in neither.

Example: UTC time is 8:14, which would be 9:14 in server local time, but a newly added line in /var/log/messages has a timestamp of 7:14. I am suspecting this to be the reason fail2ban does not ban anybody.

Different processes are adding lines to the log file, for instance cron and sshd, and both have invalid timestamps. The server's time has been updated and the server has not been restarted since, so could this possibly be a reason for the invalid timestamps?

masegaloeh
  • 17,978
  • 9
  • 56
  • 104
GregC
  • 163
  • 1
  • 1
  • 5

1 Answers1

4

Do you have NTP installed??

Are you using a UTC clock with the correct timezone?

Note: Im in Europe ( so i know that im +1 on UTC )

You should only have to set the time correctly (perhaps restarting a daemon or two )

Arenstar
  • 3,592
  • 2
  • 24
  • 34
  • We are using ntpd, though it was added later (neither server nor daemons were restarted since). Which demons would I have to restart to account for the time change? – GregC Nov 18 '10 at 09:42
  • if you type 'date' you should get the right time.. if so.. just restart a daemon thats logging wrong, and test it.. (it might be just simpler if your able to restart the server :D ) – Arenstar Nov 18 '10 at 09:44
  • 1
    Restarting the syslog daemon has indeed helped. Thanks! – GregC Nov 18 '10 at 09:55
  • Ahhh great :D glad to have helped solved your problems.. – Arenstar Nov 18 '10 at 11:56