HPE Community
Operating System - HP-UX
1851252 Members
3182 Online
104057 Solutions
New Discussion

syslogd issue - messages not ordered by date

 
Andrei Lica_1
Advisor

‎02-24-2005 01:35 AM

‎02-24-2005 01:35 AM

syslogd issue - messages not ordered by date

I've noticed that syslog messages are not always logged in order ( by time/date field ) to /var/adm/syslog/syslog.log

For instance :
----
Feb 22 18:59:40 f01db01 sshd[4169]: pam_setcred: error Permission denied
Feb 22 12:03:29 f01db01 login: pam_authenticate: error No account present for user
Feb 22 12:03:31 f01db01 login: pam_authenticate error
Feb 22 12:03:31 f01db01 login: pam_acct_mgmt: error No account present for user
Feb 22 12:03:36 f01db01 login: warn_user_passwd_will_expire: -1 -1 12836 -1
Feb 22 19:06:18 f01db01 sshd[20331]: pam_setcred: error Permission denied
----

Is this a known syslog bug/feature ?
0 Kudos
Reply
8 REPLIES 8
RAC_1
Honored Contributor

‎02-24-2005 01:39 AM

‎02-24-2005 01:39 AM

Re: syslogd issue - messages not ordered by date

Was the time changed on server?? this should not happen.

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
john korterman
Honored Contributor

‎02-24-2005 01:44 AM

‎02-24-2005 01:44 AM

Re: syslogd issue - messages not ordered by date

Hi,
if the system time was not changed, could there have been more than one syslogd running on the machine?

regards,
John K.
it would be nice if you always got a second chance
0 Kudos
Reply
Andrei Lica_1
Advisor

‎02-24-2005 01:52 AM

‎02-24-2005 01:52 AM

Re: syslogd issue - messages not ordered by date

no date changed

I think sometimes syslogd hangs for a period ( no messages logged ) then logs some old messages together with the new ones.
My version : HP-UX11.23 march 2004 patch
0 Kudos
Reply
Peter Godron
Honored Contributor

‎02-24-2005 02:27 AM

‎02-24-2005 02:27 AM

Re: syslogd issue - messages not ordered by date

Andrei,
having syslog 'hang' for 7 hours (12:03 until 19:06) would be a serious problem.
How can you be sure the time/timezone was not changed?
If this happens on a daily basis it may be worthwhile croning a job to ftp onto your machine every 10 minutes.
Regards
0 Kudos
Reply
RAC_1
Honored Contributor

‎02-24-2005 02:34 AM

‎02-24-2005 02:34 AM

Re: syslogd issue - messages not ordered by date

OK, put a script using logger that logs messages through syslogd to syslog.log file. Log test messages periodically and check the time stamps. man logger for details.

Something like following in cron.

0,10,20,30,40,50 * * * D /usr/bin/logger "Test Message $(date)"

Also check if you have the latest patches for syslogd

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
Andrei Lica_1
Advisor

‎02-24-2005 02:47 AM

‎02-24-2005 02:47 AM

Re: syslogd issue - messages not ordered by date

> How can you be sure the time/timezone was not changed?

Hmm, this could be the cause only if 2 different processes are using diff. timezones ( ex: sshd and login ) and the logged time is given not by syslogd but by sshd|login.
I'm the admin of this server and I haven't changed the timezone ever.
I'm not sure syslogd hangs. Maybe syslogd receives messages from 2 different sources ( sockets ) and is having temporary problems reading from one source.
I'm using NTP for time sync.

0 Kudos
Reply
Andrei Lica_1
Advisor

‎02-24-2005 03:05 AM

‎02-24-2005 03:05 AM

Re: syslogd issue - messages not ordered by date

I've found this patch PHCO_29036 but is not for 11.23 version. Could be related to my problem :
http://www8.itrc.hp.com/service/patch/patchDetail.do?BC=patch.breadcrumb.main|patch.breadcrumb.releaseIndexPage|patch.breadcrumb.releasePage{5013-2132}|patch.breadcrumb.bundleAggPage{GOLDBASE11i:B.11.11.0406.5}|&patchid=PHCO_29036&context=hpux:800:11:11
This is the only syslogd patch for 11.23 but my problem is not mentioned here :
http://www8.itrc.hp.com/service/patch/patchDetail.do?BC=patch.breadcrumb.main|patch.breadcrumb.releaseIndexPage|patch.breadcrumb.releasePage{0409-11.23}|patch.breadcrumb.bundleAggPage{BUNDLE11i:B.11.23.0409.3}|&patchid=PHCO_31604&context=hpux:800:11:23

I can also try RAC's idea with sending messages at fixed intervals.
0 Kudos
Reply
RAC_1
Honored Contributor

‎02-24-2005 08:36 AM

‎02-24-2005 08:36 AM

Re: syslogd issue - messages not ordered by date

Is there something in sshd config file to this effect?? Aother exercise.

For one user change TZ and try ssh. check timestamp for this users ssh in syslog. But I bet this is not a problem.

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.