Menu
▾
▴
[Proftpd-user] ExtendedLog timestamps jump forward?
|
From: Thomas J. <tom...@gm...> - 2022-10-12 14:58:49
|
Hello, I noticed a strange behavior on a proftpd instance with ExtendedLog enabled. I am running proftpd version 1.3.6e from EPEL8 on RockyLinux, so maybe this is something fixed in a newer version? After enabling the ExtendedLog, I noticed that the hour field in the timestamp seems to jump forward by an hour for the first message of a connection. The subsequent messages for the connection reflect the correct hour. I have included example output below. Of less concern is the time offset in the timestamp, which is listed as +0000, when it should be -0400 for this machine. My ExtendedLog configuration is: LogFormat lfmt-custom "%t %a (%h) %l \"%r\" %s (%S)" ExtendedLog /var/log/proftpd/proftpd-extended.log ALL lfmt-custom Example log output is below with spaces added to separate connections [12/Oct/22:07:48:45 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "USER ... [12/Oct/22:06:48:45 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "PASS ... [12/Oct/22:06:48:45 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "TYPE ... [12/Oct/22:06:48:45 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "PORT ... [12/Oct/22:06:48:45 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "NLST ... [12/Oct/22:06:48:46 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "PORT ... [12/Oct/22:06:48:47 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "APPE ... [12/Oct/22:06:48:48 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "QUIT"... [12/Oct/22:08:48:50 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "USER ... [12/Oct/22:07:48:51 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "PASS ... [12/Oct/22:07:48:51 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "TYPE ... [12/Oct/22:07:48:51 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "PORT ... [12/Oct/22:07:48:51 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "NLST ... [12/Oct/22:07:48:52 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "PORT ... [12/Oct/22:07:48:52 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "APPE ... [12/Oct/22:07:48:53 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "QUIT"... [12/Oct/22:09:48:56 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "USER ... [12/Oct/22:08:48:56 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "PASS ... [12/Oct/22:08:48:56 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "TYPE ... [12/Oct/22:08:48:56 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "PORT ... [12/Oct/22:08:48:56 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "NLST ... [12/Oct/22:08:48:57 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "PORT ... [12/Oct/22:08:48:57 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "APPE ... [12/Oct/22:08:48:58 +0000] 10.2.8.64 (10.2.8.64) UNKNOWN "QUIT"... Thanks! |
