Re: Future timestamps in /var/log/secure

2010-02-26 Thread Wade Peacock
That does make sense. I will try to simulate that with a temporary virtual machine as a different timezone. Wade aha! there you go, mine doesn't but maybe yours does? The specification for the syslog protocol is that timestamps embedded in the message should be used instead of syslogd's time.

Re: Future timestamps in /var/log/secure

2010-02-26 Thread Wade Peacock
It might be prudent to mention that all of the connections of this type are null routed via an iptables drop rule after three failed attempts via a "home grown" daemon similar to DENYHOSTS. All traffic from host is DENIED for 120 days unless we manually override it. I do appreciate the cautionar

Re: Future timestamps in /var/log/secure

2010-02-26 Thread Seth Mattinen
On 2/26/2010 11:46, William Pitcock wrote: > On Fri, 2010-02-26 at 19:30 +, gordon b slater wrote: >> On Fri, 2010-02-26 at 13:17 -0600, William Pitcock wrote: >>> The syslog message sent to the local unix socket (/dev/log >>> or /dev/syslog) may contain a timestamp, in which case, that timesta

Re: Future timestamps in /var/log/secure

2010-02-26 Thread William Pitcock
On Fri, 2010-02-26 at 19:30 +, gordon b slater wrote: > On Fri, 2010-02-26 at 13:17 -0600, William Pitcock wrote: > > The syslog message sent to the local unix socket (/dev/log > > or /dev/syslog) may contain a timestamp, in which case, that timestamp > > may be used instead of the local time.

Re: Future timestamps in /var/log/secure

2010-02-26 Thread Valdis . Kletnieks
On Fri, 26 Feb 2010 10:51:43 PST, Wade Peacock said: > It is classic syslogd > syslogd -v > > > syslogd 1.4.1 > > I was thinking timezone but we are PST (-8:00) so I can not explain the > +12:00 difference. Feb 26 09:50:38 mx sshd[19102]: Feb 26 17:50:38 mx sshd[19113]: That's 8 hours differ

Re: Future timestamps in /var/log/secure

2010-02-26 Thread gordon b slater
On Fri, 2010-02-26 at 13:17 -0600, William Pitcock wrote: > On Fri, 2010-02-26 at 11:29 -0700, Brielle Bruns wrote: > > Aren't the timestamps inserted by syslog rather than the reporting > > program itself? > > The syslog message sent to the local unix socket (/dev/log > or /dev/syslog) may contai

Re: Future timestamps in /var/log/secure

2010-02-26 Thread Brielle Bruns
bject: Re: Future timestamps in /var/log/secure Sent: Feb 26, 2010 12:23 PM On Fri, 2010-02-26 at 10:51 -0800, Wade Peacock wrote: > I was thinking timezone but we are PST (-8:00) so I can not explain > the > +12:00 difference. whois gives India? 12 hrs maybe? From a brief recon of it look

Re: Future timestamps in /var/log/secure

2010-02-26 Thread gordon b slater
On Fri, 2010-02-26 at 10:55 -0800, Wade Peacock wrote: > the proftpd line happened to be the next line in the log. the > next similar ssh lines look like (duplicate removed) > > Feb 26 10:08:48 mx sshd[22165]: Did not receive identification string from > UNKNOWN > Feb 26 10:09:27 mx sshd[22261]

Re: Future timestamps in /var/log/secure

2010-02-26 Thread gordon b slater
On Fri, 2010-02-26 at 10:51 -0800, Wade Peacock wrote: > I was thinking timezone but we are PST (-8:00) so I can not explain > the > +12:00 difference. whois gives India? 12 hrs maybe? From a brief recon of it looks a bit, shall we say, "soft" - get your hat on just in case. I can confirm that c

Re: Future timestamps in /var/log/secure

2010-02-26 Thread William Pitcock
On Fri, 2010-02-26 at 11:29 -0700, Brielle Bruns wrote: > Aren't the timestamps inserted by syslog rather than the reporting > program itself? The syslog message sent to the local unix socket (/dev/log or /dev/syslog) may contain a timestamp, in which case, that timestamp may be used instead of th

Re: Future timestamps in /var/log/secure

2010-02-26 Thread Wade Peacock
the proftpd line happened to be the next line in the log. the next similar ssh lines look like (duplicate removed) Feb 26 10:08:48 mx sshd[22165]: Did not receive identification string from UNKNOWN Feb 26 10:09:27 mx sshd[22261]: Failed password for root from 219.137.192.231 port 54111 ssh2

Re: Future timestamps in /var/log/secure

2010-02-26 Thread Wade Peacock
It is classic syslogd syslogd -v syslogd 1.4.1 I was thinking timezone but we are PST (-8:00) so I can not explain the +12:00 difference. Aren't the timestamps inserted by syslog rather than the reporting program itself? What syslog do you use - classic (ie: sysklogd) or a modern one like rs

Re: Future timestamps in /var/log/secure

2010-02-26 Thread gordon b slater
On Fri, 2010-02-26 at 11:29 -0700, Brielle Bruns wrote: > Aren't the timestamps inserted by syslog rather than the reporting > program itself? > that's my understanding also (clarification: syslogs of your server have timestamps of your syslog server's time, IMHO) eg: on my Debian systems I don't

RE: Future timestamps in /var/log/secure

2010-02-26 Thread Joe
if the article helps or hinders but good food for thought. -Joe Blanchard -Original Message- From: Brielle Bruns [mailto:br...@2mbit.com] Sent: Friday, February 26, 2010 1:29 PM To: nanog@nanog.org Subject: Re: Future timestamps in /var/log/secure On 2/26/10 11:20 AM, Wade Peacock

Re: Future timestamps in /var/log/secure

2010-02-26 Thread Larry Sheldon
On 2/26/2010 12:29 PM, Brielle Bruns wrote: > On 2/26/10 11:20 AM, Wade Peacock wrote: >> I found a while ago in /var/log/secure that for an invalid ssh login >> attempt the ssh Bye Bye line is in the future. I have searched the web >> and can not find a reason for the future time in the log. >> >>

Re: Future timestamps in /var/log/secure

2010-02-26 Thread Brielle Bruns
On 2/26/10 11:20 AM, Wade Peacock wrote: I found a while ago in /var/log/secure that for an invalid ssh login attempt the ssh Bye Bye line is in the future. I have searched the web and can not find a reason for the future time in the log. Here is a sample. Repeated lines are shown once in first