SSH syslog lines disordered
Michael Velez
mikev777 at hotmail.com
Mon Apr 16 09:33:24 UTC 2007
> Hello,
>
> Would anyone know why the syslog generated by SSHD is jumping
> around in time?
> The date/time tags are after all created by the syslog
> daemon, so the date/time should be monotonically increasing.
> Instead, I see this, with lines marked 03:00 coming after
> lines marked 05:00 etc. I should probably mention that
> syslogd is configured to "not flush"
> the log after each line, but that should have not influence,
> shouldn't it?
>
If you're experiencing the same problem I had a few months ago, it is a
reported bug https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203671
The fix still seems to be pending.
The way I got around it is to create a hard link between
/var/empty/sshd/etc/localtime (needed to create a few of those directories)
to /etc/localtime. syslog uses the timezone of the client logging in. The
hard link creates a link between the localtime and the chroot'ed localtime.
I use a hard link because I'm not sure how a symbolic link would work
through a chroot and a simple copy would lose any new modifications to
/etc/localtime. It corrects the time issue (useful if you're running a
script that uses the time) but you still get duplicate messages. Works for
me.
Michael
More information about the redhat-list
mailing list