From: Janos Dohanics
To: Matthew Seaman
Cc: FreeBSD Questions
Date: Tue, 4 Oct 2011 09:50:26 -0400
Subject: Re: Timestamps shifted by 8 hours

On Tue, 04 Oct 2011 09:38:46 +0100
Matthew Seaman wrote:

> On 04/10/2011 05:29, Janos Dohanics wrote:
> > I have pfSense-2.0 for gateway/firewall (10.10.10.2).
> >
> > 10.10.10.2 logs to 10.10.10.252, which runs FreeBSD 7.4-STABLE.
> >
> > 10.10.10.252 is the ntpd server for this LAN.
> >
> > On 10.10.10.2:
> >
> > date
> > Tue Oct 4 00:00:42 EDT 2011
> >
> > On 10.10.10.252:
> >
> > $date
> > Tue Oct 4 00:00:50 EDT 2011
> > (just after logging out of 10.10.10.2, so they seem to be in sync)
> >
> > However, timestamps in pfsense.log, residing on 10.10.10.252, are
> > shifted by 8 hours, for example:
> >
> > $ tail -f /var/log/pfsense.log
> > Oct 4 09:00:01 10.10.10.2 pf: 00:00:00.748775 rule 1/0(match):
> > [...] ^^^^^^^^
> >
> > I guess I should read some man page...

Thank you for your reply.

> I'd say this is probably the standard thing about the system clock
> running UTC vs running wall-clock time. But 8 hours is /twice/ the
> difference between EDT and UTC -- which is suspicious.

Actually, it's 9 hours, not 8.

Just looked in /var/log/filter.log residing on 10.10.10.2. Timestamps
are ahead by 9 hours. However, date shows the correct time (correct to
a few seconds).

On the other hand, /var/log/system.log shows correct timestamps.

So, I asked the wrong question. The question I should be asking is: Why
are timestamps wrong in /var/log/filter.log even though date shows the
correct time?

However, this question I should ask the pfSense list...

> For dedicated FreeBSD machines I'd recommend running the system clock
> in UTC. That avoids a lot of pointless conversion between timezones
> when running ntpd (NTP basically works in UTC internally). So long
> as the file /etc/wall_cmos_clock *doesn't* exist the system clock
> assumes UTC -- see adjkerntz(8) for the details of how it all works.
> Also check the localtime setup with tzsetup(8).
>
> [...]
>
> You don't say if your NTP server is a FreeBSD box or not, but the same
> arguments apply to any Unix-oid OS and you should make the same sort
> of checks there too, as well as on your firewall.

It is, but doesn't seem to be relevant to the problem.

Thank you again,

--
Janos Dohanics