Re: Syslog date/time format

From: Darren J Moffat (Darren.Moffat@Sun.COM)
Date: 12/05/01


Date: Wed, 05 Dec 2001 11:49:22 -0800
From: Darren J Moffat <Darren.Moffat@Sun.COM>
To: "Ogle Ron (Rennes)" <OgleR@thmulti.com>

Ogle Ron (Rennes) wrote:

> We are trying to create a centralized log repository for our *nix systems
> mostly of Solaris persuasion. The problem is that these systems are located
> around the globe in different time zones. We would like the central
> repository to collect the logs using GMT/UTC time.

Sounds like a reasonable thing to do.

 
> When syslog on the local machine sends a message to the central repository,
> it sends the message using it's own local time. This causes a problem when
> trying to correlate data. We would like to change all entries in the
> central repository to GMT/UTC time.

Yep because syslogd is running in what ever is the default timezone
for the host.

> It doesn't look like there are any switches available on the syslogd or
> syslog.conf to make the local machine use GMT/UTC time instead of local time

Correct there are no options for this in the Solaris syslogd.

> for log entries. I'm currently looking at modifying the syslogd code to
> allow for a switch that would allow the log program to use GMT/UTC time
> instead of the local time.
>
> First, is this the right approach to use in changing syslogd?

I would say the correct approach is to request that Sun enhance syslogd
to provide this functionality - the normal way to do that is for the
customer to call Sun Enterprise Services or their Sales rep and ask for
an RFE to be logged, this means it will be considered for a future
release.

 
> Second, does anyone have such a program already with source?

Unless you have the Solaris source you will have a hard time using a
3rd Party syslogd can keeping all the functionality.

> Third, it seems that the change should be from using the ctime() call in
> syslogd to using a combination of gmtime() and asctime(). Would this be
> correct?

That would be one way of doing it.

A much simpler way would be setting the TZ variable to GMT before
syslogd is started. You could do that by editing the /etc/init.d/syslog
startup script - of course that would be unsupported by Sun but so
would a modified from source syslogd. This method is much less risk.

-- 
Darren J Moffat



Relevant Pages

  • Re: Syslog date/time format
    ... > repository to collect the logs using GMT/UTC time. ... > it sends the message using it's own local time. ... I'm currently looking at modifying the syslogd code to ...
    (Focus-SUN)
  • Syslog date/time format
    ... We are trying to create a centralized log repository for our *nix systems ... repository to collect the logs using GMT/UTC time. ... it sends the message using it's own local time. ... I'm currently looking at modifying the syslogd code to ...
    (Focus-SUN)