Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 4 Oct 2011 10:45:48 -0400
From:      Janos Dohanics <web@3dresearch.com>
To:        Robert Bonomi <bonomi@mail.r-bonomi.com>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Timestamps shifted by 8 hours
Message-ID:  <20111004104548.7225482b.web@3dresearch.com>
In-Reply-To: <201110040905.p9495mLF001446@mail.r-bonomi.com>
References:  <20111004002910.4c134251.web@3dresearch.com> <201110040905.p9495mLF001446@mail.r-bonomi.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Tue, 4 Oct 2011 04:05:48 -0500 (CDT)
Robert Bonomi <bonomi@mail.r-bonomi.com> wrote:

> 
> > Date: Tue, 4 Oct 2011 00:29:10 -0400
> > From: Janos Dohanics <web@3dresearch.com>
> > To: FreeBSD Questions <freebsd-questions@freebsd.org>
> > Subject: Timestamps shifted by 8 hours
> >
> > I have pfSense-2.0 for gateway/firewall (10.10.10.2).
> >
> > 10.10.10.2 logs to 10.10.10.252, which runs FreeBSD 7.4-STABLE.
> >
> > 10.10.10.252 is the ntpd server for this LAN.
> >
> > On 10.10.10.2:
> >
> > date                                                                                
> > Tue Oct  4 00:00:42 EDT 2011
> >
> > On 10.10.10.252:
> >
> > $date
> > Tue Oct  4 00:00:50 EDT 2011
> > (just after logging out of 10.10.10.2, so they seem to be in sync)
> >
> > However, timestamps in pfsense.log, residing on 10.10.10.252, are
> > shifted by 8 hours, for example:
> >
> > $ tail -f /var/log/pfsense.log
> > Oct  4 09:00:01 10.10.10.2 pf: 00:00:00.748775 rule 1/0(match):
> > [...] ^^^^^^^^
> >
> > I guess I should read some man page...
> 
> I'll take your word that the 'error' is 8 hours.
> 
> Presuming that pfsense is logginvg via 'syslog', then, -on- the .252
> machine, try using the 'logger' commnd  to send messages to the 
> pfsense log file.   you'll need the '-p' switch to get the right
> facility and seveity level. 
> 
> *IF this logs with the 'wrong' time, then you have a 'local' problem
> onf the .252 machine.  It is booting up with the *wrong* timezone (GMT
> +4) specified for 'local' time  -- and _that_ timezone is in effect
> when syslog starts.  But, by the time you complete an interactive
> login, the 'environment' for your session says the timezone is
> US/Eastern (GMT-4), so a 'date' command, from the shell prompt, shows
> a grossly different offset from GMT than what the syslog deamon
> thinks the offset is.
> 
> *IF* 'logger' items from the .252 machine post correctly, then you
> need to try running 'logger' on the pfsense box, -first-, explicitly
> telling logger the -remote- (i.e., the .252 machine) host/port to log
> to, then -second-, _not_ specifying any host. and see how those log.

Thank you; I asked the wrong question in my first post:
http://lists.freebsd.org/pipermail/freebsd-questions/2011-October/234214.html

-- 
Janos Dohanics



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20111004104548.7225482b.web>