[Dshield] Client time zone (was Various Updates)

Joe Glass joe at glass.cl.msu.edu
Thu Aug 9 15:34:10 GMT 2001

Actually, date +%z is only a GNU date option, it's not a unix thing. 
The dshield clients should have the capability of determining the time
zone without the GNU date utility.  For that matter, to be completely
portable, the dshield client shouldn't use any utility or environment
variable to determine the time zone.  

For example, Solaris uses the TZ environment variable, but this doesn't
really help because it's a text string and not a numeric zone.  On top
of that it also depends on what the sysadmin feels like setting the date

root@onebox:~/$ echo $TZ

root@otherbox:~/$ echo $TZ

While it is true that most sysadmins don't like using UCT/GMT, wouldn't
you rather be completely portable?  I think the best solution would be
to have the dshield client parse the date and then use built-in perl
functions to convert it to GMT before sending it to the Dshield server.  

"Johannes B. Ullrich" wrote:
> Unix can find out about its time zone (date +%z). And the newer clients will use that by default.  The problem is that most firewall logs do not include the time zone on each line. Ideally, they should just be recorded in UCT/GMT. But most sysadmins don't like this.
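One way to do the conversion suggested in the message above, as an added example that is not part of the original post and is not DShield client code: parse the zone-less syslog timestamp and convert it to GMT with core Perl modules only, without calling `date` or parsing `$TZ` in the script. The function name `to_gmt`, the `%MON` table and the sample log lines are constructed for illustration, and the log is assumed to have been written in the local zone of the machine running the script.

```perl
#!/usr/bin/perl
# Added example: normalise a syslog-style timestamp (no zone, no year) to GMT.
use strict;
use warnings;
use Time::Local qw(timelocal);
use POSIX qw(strftime);

my %MON = (Jan => 0, Feb => 1, Mar => 2, Apr => 3, May => 4,  Jun => 5,
           Jul => 6, Aug => 7, Sep => 8, Oct => 9, Nov => 10, Dec => 11);

# to_gmt($line, $now): returns "YYYY-MM-DD HH:MM:SS +0000", or nothing if
# the line has no valid leading timestamp. $now is the epoch time at which
# the log is processed; it supplies the year that syslog leaves out.
sub to_gmt {
    my ($line, $now) = @_;
    $now = time unless defined $now;
    my ($mon, $day, $h, $m, $s) =
        $line =~ /^([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{2}):(\d{2}):(\d{2})\b/
        or return;
    return unless exists $MON{$mon};
    my $year = (localtime($now))[5] + 1900;
    # timelocal() croaks on impossible dates such as "Feb 30", so trap it.
    my $epoch = eval { timelocal($s, $m, $h, $day, $MON{$mon}, $year) };
    return unless defined $epoch;
    # A stamp more than a day ahead of $now was written last year
    # (for example a December entry processed in January).
    if ($epoch > $now + 86400) {
        $epoch = eval { timelocal($s, $m, $h, $day, $MON{$mon}, $year - 1) };
        return unless defined $epoch;
    }
    return strftime('%Y-%m-%d %H:%M:%S +0000', gmtime($epoch));
}

unless (caller) {
    # Constructed sample lines; "now" is pinned to local noon, 10 Aug 2001.
    my $now = timelocal(0, 0, 12, 10, 7, 2001);
    my @log = (
        'Aug  9 11:34:10 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DPT=111',
        'Dec 31 23:59:59 fw kernel: DROP IN=eth0 SRC=192.0.2.77 DPT=23',
        'Feb 30 10:00:00 fw kernel: corrupt entry',
    );
    for my $line (@log) {
        my $gmt = to_gmt($line, $now);
        printf "%-28s <- %s\n", defined $gmt ? $gmt : '(unparseable)', $line;
    }
}
```

A local time that falls inside the autumn daylight-saving fall-back hour corresponds to two GMT instants, and no conversion done after the fact can tell which one the firewall meant.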

