> > Actually, I think this is the easy part. It's a trivial solution, but I
> > think it works. I think we can require that a syslog implementation - by
> > default - sets an "I am not sure about my time" flag. This is changed
> > only after the operator configures it to be different.
> This isn't really solving the problem, it is dodging the problem.  Using a
> configuration variable for this parameter does not add any useful
> information to the syslog message.  If the admin set the parameter in
> the first place then they know their time is correct so why should every
> syslog message tell them that?  Also it just lets the admin lie about
> how correct their time is, so what's the use.

I am just responding to this because I think the other comments boil
down to this one.

My point is that some things may simply be overlooked. OK, we may not
want to make it foolproof. But does it really hurt? If the admin goes to
the box and says "hey, you are synced" then at least the admin has put
some manual effort and taken over the responsibility. If the box is just
plugged and not properly configured, it will use the default which says
"I can't be fully trusted". In a larger enterprise, a higher level admin
(or a co-worker) may detect this failure which otherwise may be
undetected.

As I said, this is a real-world issue. We have changed the default in
our products so that they DO NOT use the syslog message timestamp,
simply because this caused too much trouble. Once we told customers to
switch to replace it with the syslogd's local reception time, this
trouble ends.

I think this flag can address the need. But maybe I am going overboard.
Anyone else with comments?

Rainer
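
A receiver-side sketch of the policy discussed in this message, added here as an example and not part of the original message or of any product's code: it assumes the flag is carried as `isSynced` in RFC 5424's `timeQuality` structured-data element, and it uses the local reception time unless the sender explicitly claims a synced clock. The function names, sample messages and reception time are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then STRUCTURED-DATA [SP MSG]
HEADER = re.compile(r"<\d{1,3}>1 (\S+) \S+ \S+ \S+ \S+ (.*)", re.S)
# One SD-element; inside a value, '"', '\' and ']' appear only backslash-escaped.
SD_ELEMENT = re.compile(r'\[([^ ="\]]+)((?: [^ ="\]]+="(?:\\.|[^"\\\]])*")*)\]')
SD_PARAM = re.compile(r' ([^ ="\]]+)="((?:\\.|[^"\\\]])*)"')


def sender_claims_sync(rest):
    """True only if the STRUCTURED-DATA field carries timeQuality isSynced="1"."""
    pos = 0
    while True:
        m = SD_ELEMENT.match(rest, pos)  # anchored: never scans into MSG text
        if not m:
            return False
        if m.group(1) == "timeQuality":
            return dict(SD_PARAM.findall(m.group(2))).get("isSynced") == "1"
        pos = m.end()


def effective_time(raw, received_at):
    """Return (timestamp, source); source is 'message' or 'reception'."""
    m = HEADER.fullmatch(raw)
    if not m or m.group(1) == "-" or not sender_claims_sync(m.group(2)):
        return received_at, "reception"  # default: sender's clock is not trusted
    try:
        ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
    except ValueError:
        return received_at, "reception"
    if ts.tzinfo is None:
        return received_at, "reception"
    return ts, "message"


# Constructed sample messages and a constructed reception time.
RECEIVED = datetime(2004, 1, 15, 9, 30, 0, tzinfo=timezone.utc)
SAMPLES = {
    "unconfigured": '<34>1 1970-01-01T00:03:12Z box1 app - - - boot ok',
    "flag_cleared": '<34>1 2004-01-15T09:29:58Z box2 app - - [timeQuality isSynced="1"] ok',
    "flag_default": '<34>1 1970-01-01T00:03:12Z box3 app - - [timeQuality isSynced="0"] ok',
    "spoof_in_msg": '<34>1 1970-01-01T00:03:12Z box4 app - - - [timeQuality isSynced="1"]',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, *effective_time(raw, RECEIVED))
```

The flag is read only from the structured-data field, so text in the message body that imitates it does not change which timestamp is stored.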


