Date:      Tue, 04 Oct 2011 09:38:46 +0100
From:      Matthew Seaman <>
To:        Janos Dohanics <>
Cc:        FreeBSD Questions <>
Subject:   Re: Timestamps shifted by 8 hours


On 04/10/2011 05:29, Janos Dohanics wrote:
> I have pfSense-2.0 for gateway/firewall (
> logs to, which runs FreeBSD 7.4-STABLE.
> is the ntpd server for this LAN.
> On
> date
> Tue Oct  4 00:00:42 EDT 2011
> On
> $date
> Tue Oct  4 00:00:50 EDT 2011
> (just after logging out of, so they seem to be in sync)
> However, timestamps in pfsense.log, residing on, are
> shifted by 8 hours, for example:
> $ tail -f /var/log/pfsense.log
> Oct  4 09:00:01 pf: 00:00:00.748775 rule 1/0(match): [...]
>        ^^^^^^^^
> I guess I should read some man page...

I'd say this is probably the standard thing about the system clock
running UTC vs running wall-clock time.  But 8 hours is /twice/ the
difference between EDT and UTC -- which is suspicious.

For dedicated FreeBSD machines I'd recommend running the system clock in
UTC.  That avoids a lot of pointless conversion between timezones when
running ntpd (NTP basically works in UTC internally).  So long as the
file /etc/wall_cmos_clock *doesn't* exist the system clock assumes UTC
-- see adjkerntz(8) for the details of how it all works.  Also check the
localtime setup with tzsetup(8).

If you remove (or, indeed, add) /etc/wall_cmos_clock then your NTP
system is suddenly going to find itself several hours out of synch.  It
will simply give up and collapse in a heap when this happens, so you
will need to fix the system time and restart ntpd.  There's more than
one way to do that.

   * You can use date(1) to set the right time to within a minute or
     so, and then start ntpd.

   * You can use ntpdate(8) to step the clock into synch with NTP
     servers on the net by running '/etc/rc.d/ntpdate start'.  Note
     this is deprecated upstream by the ntp project because of the
     arbitrary changes it can make to the system's idea of the time of
     day.  Computers really don't handle time going backwards.

   * Probably the preferred mechanism nowadays.  Ensure you have
     'ntpd_sync_on_start="YES"' in /etc/rc.conf and just restart ntpd.
     This turns off the sanity checking on how far out the clock is
     allowed to be initially, so ntpd will slew the clock as far as it
     needs to get into synch.  It only works like that immediately
     after restart.

Use 'ntpd -q' to monitor how well your system is coming into synch with
the NTP servers on your net.

You don't say if your NTP server is a FreeBSD box or not, but the same
arguments apply to any Unix-oid OS and you should make the same sort of
checks there too, as well as on your firewall.



Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP:     Ramsgate
JID:               Kent, CT11 9PW
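
The checks described in the message above, as an added example that is not part of the original e-mail: a small sh script that reports whether /etc/wall_cmos_clock exists and what ntpd_sync_on_start is set to in /etc/rc.conf. The function names and the ROOT argument (an alternative root directory, such as a copy of the firewall's /etc) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the two settings named in the message.
# ROOT is a hypothetical parameter so the check can run against a copied
# or mounted filesystem instead of the live system; it defaults to /.

# Print "local" if ROOT/etc/wall_cmos_clock exists (CMOS clock is kept in
# wall-clock time), otherwise "utc".
cmos_clock_mode() {
    root=${1:-/}
    if [ -e "${root%/}/etc/wall_cmos_clock" ]; then
        echo local
    else
        echo utc
    fi
}

# Print the effective value of an rc.conf variable (the last assignment
# wins), or "unset" if the file or the variable is missing.
rc_conf_value() {
    root=${1:-/}
    var=$2
    conf="${root%/}/etc/rc.conf"
    [ -r "$conf" ] || { echo unset; return 0; }
    # Strip optional quotes and any trailing comment from VAR=value lines.
    val=$(sed -n "s/^[[:space:]]*${var}=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" \
        "$conf" | tail -n 1)
    echo "${val:-unset}"
}

# One-line summary suitable for comparing several hosts side by side.
clock_report() {
    root=${1:-/}
    mode=$(cmos_clock_mode "$root")
    sync=$(rc_conf_value "$root" ntpd_sync_on_start)
    echo "cmos_clock=$mode ntpd_sync_on_start=$sync"
}

# Report on the live system, or on the root directory given as $1.
clock_report "${1:-/}"
```

Running it on the log host, the NTP server and the firewall and comparing the three lines shows which machine treats its hardware clock differently from the others.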
