On 2/26/2010 12:29 PM, Brielle Bruns wrote: > On 2/26/10 11:20 AM, Wade Peacock wrote: >> I found a while ago in /var/log/secure that for an invalid ssh login >> attempt the ssh Bye Bye line is in the future. I have searched the web >> and can not find a reason for the future time in the log. >> >> Here is a sample. Repeated lines are shown once in first part >> >> >> Feb 26 17:50:38 mx sshd[19115]: Received disconnect from >> 210.212.145.152: 11: Bye Bye >> Feb 26 17:50:38 mx sshd[19118]: Received disconnect from >> 210.212.145.152: 11: Bye Bye >> Feb 26 09:52:39 mx proftpd[17297]: mx.example.com >> (208.xxx.xxx.xxx[208.xxx.xxx.xxx]) - FTP no transfer timeout, disconnected >> >> Can anyone explain the future time stamp on the Bye Bye lines? >> >> OS is Centos 5.4, FYI >> > > > > Isn't the timestamps inserted by syslog rather then the reporting > program itself? > > What syslog do you use - classic (ie: sysklogd) or a modern one like > rsyslog? It almost looks like the timezone got changed from local to > GMT or similar, then swapped back (as odd as it may sound). > > Perhaps time to file a bug report with the author of the syslog daemon > you use?
Been a long time since I've dealt with this stuff, but it looks like the shell for proftpd has a different TZ from the one running the other stuff. (syslogd runs in the shell of the caller, right?) -- "Government big enough to supply everything you need is big enough to take everything you have." Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
