security log timestamps

Support for security such as Firewalls and securing linux
Post Reply
jamesj
Posts: 4
Joined: 2008/06/12 22:25:40

security log timestamps

Post by jamesj » 2008/06/12 22:35:10

Hey everybody, I am new to the Cent forums, here is my question
I was reviewing the "secure" log in /var/log and I noticed some strange
differances in the timestamps of the messages
the first entry was 22:20:11
and the next was 15:32:33
and then 22:12:23 and so on.......
the date and year is clearly the same jun12th can anyone offer a possible explanation?

kentyler
Posts: 161
Joined: 2007/06/20 13:31:05
Location: Northeast Ohio
Contact:

security log timestamps

Post by kentyler » 2008/08/26 19:46:44

It's possible the message was queued to syslog but not completed prior to the other entries.

For instance a program writes a message to a syslog channel but does not complete the message being sent then terminates with the message being sent it would delay the timestamp.

You could suspend a program that was speaking with syslog and generate the same effect when you resumed it.

Post Reply

Return to “CentOS 4 - Security Support”