From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/4537 Path: news.gmane.org!not-for-mail From: Christian Wiese Newsgroups: gmane.linux.lib.musl.general Subject: Re: syslog() always sends GMT timestamps Date: Sat, 1 Feb 2014 12:01:23 +0100 Message-ID: <20140201120123.598c020a@mopad> References: <500a674a-fd43-49f5-99b8-6fd0b18ef5a2@email.android.com> <20140128171153.GL24286@brightrain.aerifal.cx> <770108a1-99d7-4ef0-b860-b045866c9895@email.android.com> <20140130043344.GR24286@brightrain.aerifal.cx> <20140130120413.GT1685@port70.net> <20140201005419.GZ24286@brightrain.aerifal.cx> <52EC4D3F.8090403@skarnet.org> <20140201090914.GW1685@port70.net> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1391252518 11903 80.91.229.3 (1 Feb 2014 11:01:58 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 1 Feb 2014 11:01:58 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-4541-gllmg-musl=m.gmane.org@lists.openwall.com Sat Feb 01 12:02:06 2014 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1W9YKq-0005ZN-9V for gllmg-musl@plane.gmane.org; Sat, 01 Feb 2014 12:02:04 +0100 Original-Received: (qmail 22010 invoked by uid 550); 1 Feb 2014 11:02:03 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 22002 invoked from network); 1 Feb 2014 11:02:03 -0000 In-Reply-To: <20140201090914.GW1685@port70.net> X-Mailer: Claws Mail 3.9.3 (GTK+ 2.24.22; i686-pc-linux-gnu) Xref: news.gmane.org gmane.linux.lib.musl.general:4537 Archived-At: On Sat, 1 Feb 2014 10:09:14 +0100 Szabolcs Nagy wrote: > * Laurent Bercot [2014-01-31 17:26:23 > -0800]: > > As for timestamps, well, the right format to write them in is > > obviously neither UTC nor local time, but TAI64N. :) > > yes there is nothing clearer than a 24 digit hexadecimal number > representing time to the nanosecond > > at least the last 3-4 digits in the log can be used as a random > sequence > > (i've seen this in practice and have no idea how anybody could > ever think that it's a good idea.. must be some sysadmin logic > that is beyond the reach of average mortals) Of course the format is not very easy to read for humans but quite useful for machine processing, which is much more important imo because you will barely have an humanoid sitting there in front of the screen and looking for suspicious log entries. If a human needs to look at logs with TAI64N time stamps he/she is supposed to pipe the the log through a filter like 'tai64nlocal' which simply transforms the time stamp into a human friendly format. Besides that I think TAI64N time stamps can be quite useful in the case you need to correlate logs from a lots of hosts that have different local time settings. Doing this with logs that use local time stamps will be a task that is nearly impossible imo or at least needs quite some effort. Cheers, Chris