Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 01 Feb 2014 07:48:56 -0800
From: Laurent Bercot <>
Subject: Re: syslog() always sends GMT timestamps

On 2014-02-01 01:09, Szabolcs Nagy wrote:

> yes there is nothing clearer than a 24 digit hexadecimal number
> representing time to the nanosecond
> at least the last 3-4 digits in the log can be used as a random
> sequence
> (i've seen this in practice and have no idea how anybody could
> ever think that it's a good idea.. must be some sysadmin logic
> that is beyond the reach of average mortals)

  I was half-trolling, but since you bit the hook:

  Historically, logs were made to be read by human beings, so it
made sense to print timestamps in a human-readable format. But it
is less and less the case. Logs are getting more and more
automatically processed, filtered, aggregated, analyzed, which is
a good thing. Humans nowadays only look at raw textual log data once
everything else has failed, including visualizing them in some web
interface that also processes them for display.

  So it actually makes more sense to write logs in a format that is
easily parsable and usable by *computers*, and timestamps are a big
part of it. Human time is complex to understand for computers (and
even for humans not living in the same time zone). TAI64N is simple,
and makes processing easy as pie. (Mmmm... pie.) Merging log files
chronologically ? Just cat all your log files together, pipe them
through sort, done. Oh, and it works with log files from other
machines all around the world, without a concern for timezones or
human time quirks such as DST, too. Want to strip the timestamps
for some reason ? Pipe your logs through "cut -c27-", done.

  And people can even read the raw files too, they just have to
run "s6-tai64nlocal < logfile | less" instead of "less logfile",
which is the simplest processing you could think of - a UNIX filter.
(I've heard that Great Sysadmins can understand TAI64N directly in
the text, but I couldn't tell, I'm not yet part of the Circle.)

  So, dear initiate, now that you know the greatness of automated
processing and of Unix filters, and have shaken off the myth that
logs have to be read exactly as they were written, you have risen
above average mortals, and are now a Sysadmin. Congratulations and
welcome !


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.