8 June 2015

Of logs and time zones and systemd

Back in 2005 I wrote about syslog brokenness — specifically, the fact that each entry is logged in local time zone, but with no indication of what that time zone was at the moment the message was logged. Because time zones change, this means there are periods of time every year where log messages are ambiguous.

If your logging device moves across time zones, the problem is even worse, and sure enough, the problem has finally affected a real life case: we don’t know what happened just before the Amtrak 188 train derailed, because the timestamps on assorted logs were ambiguous.

Credit where credit is due, systemd gets this right: It logs in UTC always, and converts the timestamp to the current time zone for display when you query the logs via journalctl.

(Veteran systemd critic praises systemd, film at 11.)

© mathew 2017