Timestamps shifted by 8 hours

Matthew Seaman m.seaman at infracaninophile.co.uk
Tue Oct 4 08:39:10 UTC 2011 

On 04/10/2011 05:29, Janos Dohanics wrote:
> I have pfSense-2.0 for gateway/firewall (10.10.10.2).
> 
> 10.10.10.2 logs to 10.10.10.252, which runs FreeBSD 7.4-STABLE.
> 
> 10.10.10.252 is the ntpd server for this LAN.
> 
> On 10.10.10.2:
> 
> date                                                                                
> Tue Oct  4 00:00:42 EDT 2011
> 
> On 10.10.10.252:
> 
> $date
> Tue Oct  4 00:00:50 EDT 2011
> (just after logging out of 10.10.10.2, so they seem to be in sync)
> 
> However, timestamps in pfsense.log, residing on 10.10.10.252, are
> shifted by 8 hours, for example:
> 
> $ tail -f /var/log/pfsense.log
> Oct  4 09:00:01 10.10.10.2 pf: 00:00:00.748775 rule 1/0(match): [...]
>        ^^^^^^^^
> 
> I guess I should read some man page...

I'd say this is probably the standard thing about the system clock
running UTC vs running wall-clock time.  But 8 hours is /twice/ the
difference between EDT and UTC -- which is suspicious.

For dedicated FreeBSD machines I'd recommend running the system clock in
UTC.  That avoids a lot of pointless conversion between timezones when
running ntpd (NTP basically works in UTC internally).  So long as the
file /etc/wall_cmos_clock *doesn't* exist the system clock assumes UTC
-- see adjkerntz(8) for the details of how it all works.  Also check the
localtime setup with tzsetup(8).

If you remove (or, indeed, add) /etc/wall_cmos_clock then your NTP
system is suddenly going to find itself several hours out of synch.  It
will simply give up and collapse in a heap when this happens, so you
will need to fix the system time and restart ntpd.  There's more than
one way to do that.

   * You can use date(1) to set the right time to within a minute or
     so, and then start ntpd.

   * You can use ntpdate(8) to step the clock into synch with NTP
     servers on the net by running 'etc/rc.d/ntpdate start'  Note
     this is deprecated upstream by the ntp project because of the
     arbitrary changes it can make to the systems idea of the time of
     day.  Computers really don't handle time going backwards
     gracefully.

   * Probably the preferred mechanism nowadays.  Ensure you have
     'ntpd_sync_on_start="YES"' in /etc/rc.conf and just restart ntpd.
     This turns off the sanity checking on how far out the clock is
     allowed to be initially, so ntpd will slew the clock as far as it
     needs to get into synch.  It only works like that immediately
     after restart.

Use 'ntpd -q' to monitor how well your system is coming into synch with
the NTP servers on your net.

You don't say if your NTP server is a FreeBSD box or not, but the same
arguments apply to any Unix-oid OS and you should make the same sort of
checks there too, as well as on your firewall.

	Cheers,

	Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew at infracaninophile.co.uk               Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20111004/73663557/signature.pgp

More information about the freebsd-questions mailing list