[Dshield] Various Updates

Johannes B. Ullrich jullrich at euclidian.com
Thu Aug 9 00:50:12 GMT 2001


> For systems using Windows, timezone information is available from the
> operating system. I would be very surprised if Unix is not as sophisticated
> as Windows. I do not understand why we must specify our timezone when the
> operating system probably knows better than many (most) of us what to use.

The main problem comes in when you use a different system to send logs
than the system that collects them. The two systems may use different time
zones.

Unix can find out about its time zone (date +%z). And the newer clients
will use that by default. The problem is that most firewall logs do not
include the time zone on each line. Idealy, they should just be recorded
in UCT/GMT. But most sysadmins don't like this.

I know time zones are a weird issue, in particular with DST (I think it is
Indiana where some counties use DST while others dont).


-- 
-------
jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System





More information about the list mailing list