Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Time date in logs not correct.

    Scheduled Pinned Locked Moved General pfSense Questions
    16 Posts 6 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • UnderstudyU
      Understudy
      last edited by

      Thank you both, I will check them as soon as I can get off the road and into the system.

      1 Reply Last reply Reply Quote 0
      • UnderstudyU
        Understudy @rcoleman-netgate
        last edited by

        @rcoleman-netgate said in Time date in logs not correct.:

        tail -n 25 /var/log/system.log

        [2.6.0-RELEASE][admin@Ignis.brendhanhorne.com]/root: tail -n 25 /var/log/system.log
        Nov  2 19:00:30 Ignis php[13294]: [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
        Nov  2 19:00:30 Ignis php[13294]:
        Nov  2 19:11:00 Ignis sshguard[89538]: Exiting on signal.
        Nov  2 19:11:00 Ignis sshguard[39961]: Now monitoring attacks.
        Nov  2 20:00:00 Ignis php[38550]: [pfBlockerNG] Starting cron process.
        Nov  2 20:00:26 Ignis php[38550]: [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
        Nov  2 20:00:26 Ignis php[38550]:
        Nov  3 05:04:19 Ignis nginx: 2022/11/03 05:04:19 [error] 79510#100201: *617130 open() "/usr/local/www/Security/users" failed (2: No such file or directory), client: 70.80.211.151, server: , request: "GET /Security/users?auth=YWRtaW46MTEK HTTP/1.1", host: "xxx.xxx.xxx.94"
        Nov  2 20:22:00 Ignis sshguard[39961]: Exiting on signal.
        Nov  2 20:22:00 Ignis sshguard[43591]: Now monitoring attacks.
        Nov  2 21:00:00 Ignis php[83757]: [pfBlockerNG] Starting cron process.
        Nov  2 21:00:34 Ignis php[83757]: [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
        Nov  2 21:00:34 Ignis php[83757]:
        Nov  2 21:31:00 Ignis sshguard[43591]: Exiting on signal.
        Nov  2 21:31:00 Ignis sshguard[95664]: Now monitoring attacks.
        Nov  3 06:31:43 Ignis nginx: 2022/11/03 06:31:43 [error] 79510#100201: *617142 open() "/usr/local/www/robots.txt" failed (2: No such file or directory), client: 185.165.190.17, server: , request: "GET /robots.txt HTTP/1.1", host: "xxx.xxx.xxx.94"
        Nov  3 06:31:43 Ignis nginx: 2022/11/03 06:31:43 [error] 79510#100201: *617143 open() "/usr/local/www/sitemap.xml" failed (2: No such file or directory), client: 185.165.190.17, server: , request: "GET /sitemap.xml HTTP/1.1", host: "xxx.xxx.xxx.94"
        Nov  3 06:31:43 Ignis nginx: 2022/11/03 06:31:43 [error] 79510#100201: *617144 open() "/usr/local/www/.well-known/security.txt" failed (2: No such file or directory), client: 185.165.190.17, server: , request: "GET /.well-known/security.txt HTTP/1.1", host: "xxx.xxx.xxx.94"
        Nov  3 06:57:23 Ignis nginx: 2022/11/03 06:57:23 [error] 79510#100201: *617147 open() "/usr/local/www/boaform/admin/formLogin" failed (2: No such file or directory), client: 45.61.187.101, server: , request: "POST /boaform/admin/formLogin HTTP/1.1", host: "xxx.xxx.xxx.94:80", referrer: "http://xxx.xxx.xxx.94:80/admin/login.asp"
        Nov  2 22:00:00 Ignis php[38665]: [pfBlockerNG] Starting cron process.
        Nov  2 22:00:26 Ignis php[38665]: [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
        Nov  2 22:00:26 Ignis php[38665]:
        Nov  3 07:20:39 Ignis nginx: 2022/11/03 07:20:39 [error] 79194#100241: *617148 open() "/usr/local/www/home.asp" failed (2: No such file or directory), client: 107.182.129.219, server: , request: "GET /home.asp HTTP/1.1", host: "xxx.xxx.xxx.94:80"
        Nov  2 22:29:12 Ignis php-fpm[98064]: /index.php: Successful login for user 'admin' from: 192.168.1.91 (Local Database)
        Nov  2 22:31:13 Ignis sshd[78290]: Accepted keyboard-interactive/pam for admin from 99.178.151.122 port 63979 ssh2
        [2.6.0-RELEASE][admin@Ignis.brendhanhorne.com]/root: date
        Wed Nov  2 22:35:33 EDT 2022
        

        and

        [2.6.0-RELEASE][admin@Ignis.brendhanhorne.com]/root: tail -n 25 /var/log/filter.log
        Nov  3 07:36:37 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x0,,232,28188,0,DF,1,icmp,36,15.188.65.218,xxx.xxx.xxx.89,request,27,1376816
        Nov  3 07:36:39 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x0,,236,46206,0,none,6,tcp,40,185.156.73.107,xxx.xxx.xxx.94,47206,36912,0,S,1068734224,,1024,,
        Nov  3 07:36:40 Ignis filterlog[16230]: 4,,,1000000103,ix5,match,block,in,4,0x0,,239,54321,0,none,6,tcp,44,206.189.146.175,xxx.xxx.xxx.90,45855,3389,0,S,3012520328,,65535,,mss
        Nov  3 07:36:42 Ignis filterlog[16230]: 4,,,1000000103,ix5,match,block,in,4,0x28,,237,11043,0,none,6,tcp,40,198.144.159.104,xxx.xxx.xxx.92,45200,31986,0,S,2623530125,,1024,,
        Nov  3 07:36:43 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x0,,236,40875,0,none,6,tcp,40,5.188.206.134,xxx.xxx.xxx.94,42503,34698,0,S,3468798847,,1024,,
        Nov  3 07:36:46 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x0,,236,46735,0,none,6,tcp,40,89.248.165.104,xxx.xxx.xxx.89,50390,50689,0,S,314754007,,1024,,
        Nov  3 07:36:46 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x28,,234,18876,0,DF,6,tcp,40,61.1.25.228,xxx.xxx.xxx.94,55207,80,0,S,4053637015,,14600,,
        Nov  3 07:36:46 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x0,,236,50800,0,none,6,tcp,40,5.188.206.134,xxx.xxx.xxx.88,42503,34698,0,S,455275170,,1024,,
        Nov  3 07:36:46 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x0,,236,24370,0,none,6,tcp,40,5.188.206.134,xxx.xxx.xxx.89,42503,34698,0,S,495872993,,1024,,
        Nov  3 07:36:46 Ignis filterlog[16230]: 4,,,1000000103,ix5,match,block,in,4,0x0,,255,58626,0,none,17,udp,100,172.16.1.11,255.255.255.255,5678,5678,80
        Nov  3 07:36:46 Ignis filterlog[16230]: 69,,,12003,bridge0,match,block,in,4,0x0,,255,58626,0,none,17,udp,100,172.16.1.11,255.255.255.255,5678,5678,80
        Nov  3 07:36:46 Ignis filterlog[16230]: 4,,,1000000103,ix5,match,block,in,4,0x0,,255,58626,0,none,17,udp,100,172.16.1.11,255.255.255.255,5678,5678,80
        Nov  3 07:36:48 Ignis filterlog[16230]: 4,,,1000000103,ix5,match,block,in,4,0x0,,242,54321,0,none,6,tcp,40,64.62.197.103,xxx.xxx.xxx.90,55271,6379,0,S,1259739034,,65535,,
        Nov  3 07:36:51 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x28,,41,12454,0,DF,6,tcp,52,218.74.148.31,xxx.xxx.xxx.92,63308,445,0,S,3587255221,,8192,,mss;nop;wscale;nop;nop;sackOK
        Nov  3 07:36:51 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x28,,228,16754,0,DF,1,icmp,36,13.208.238.234,xxx.xxx.xxx.89,request,5,1022016
        Nov  3 07:36:53 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x0,,229,19207,0,DF,1,icmp,36,3.127.220.127,xxx.xxx.xxx.89,request,26,1308816
        Nov  3 07:36:53 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x28,,237,15418,0,none,6,tcp,40,46.161.27.96,xxx.xxx.xxx.89,49973,1111,0,S,2701232948,,1024,,
        Nov  3 07:36:53 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x28,,41,12687,0,DF,6,tcp,52,218.74.148.31,xxx.xxx.xxx.92,63308,445,0,S,3587255221,,8192,,mss;nop;wscale;nop;nop;sackOK
        Nov  3 07:36:55 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x28,,102,32223,0,none,6,tcp,44,183.136.225.42,xxx.xxx.xxx.88,8088,8161,0,S,3842244096,,29200,,mss
        Nov  3 07:36:56 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x0,,236,41153,0,none,6,tcp,40,5.188.206.38,xxx.xxx.xxx.94,42016,43768,0,S,8173927,,1024,,
        Nov  3 07:36:56 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x28,,218,46635,0,DF,1,icmp,36,18.183.137.44,xxx.xxx.xxx.89,request,5,2422116
        Nov  3 07:36:57 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x28,,232,54321,0,none,6,tcp,44,139.59.26.21,xxx.xxx.xxx.89,37789,8888,0,S,3476618278,,65535,,mss
        Nov  3 07:36:59 Ignis filterlog[16230]: 4,,,1000000103,ix5,match,block,in,4,0x0,,236,43350,0,none,6,tcp,40,78.128.112.2,xxx.xxx.xxx.94,41519,38504,0,S,582454368,,1024,,
        Nov  3 07:37:02 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x0,,50,65415,0,none,6,tcp,40,45.143.200.114,xxx.xxx.xxx.89,8080,31530,0,S,3329374196,,1024,,
        Nov  3 07:37:03 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x0,,236,58790,0,none,6,tcp,40,89.248.165.14,xxx.xxx.xxx.88,55931,30550,0,S,513745320,,1024,,
        [2.6.0-RELEASE][admin@Ignis.brendhanhorne.com]/root:date
        Wed Nov  2 22:41:02 EDT 2022
        
        1 Reply Last reply Reply Quote 0
        • UnderstudyU
          Understudy
          last edited by

          So the time in the logs is off. It appears to be off by like 9 hours.

          Still trying to figure this one out.

          Sincerely,
          Brendhan

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Is it exactly 9hrs?

            UnderstudyU 1 Reply Last reply Reply Quote 0
            • UnderstudyU
              Understudy @stephenw10
              last edited by

              @stephenw10

              I believe it is.

              Nov  3 22:36:45 Ignis filterlog[16230]: 82,,,1770008940,ix5,match,block,in,4,0x28,,12,39,0,DF,1,icmp,44,1.71.141.102,104.219.179.88,request,62198,3824
              Nov  3 22:36:46 Ignis filterlog[16230]: 4,,,1000000103,ix5,match,block,in,4,0x0,,235,8021,0,none,6,tcp,40,91.191.209.14,104.219.179.88,55893,40656,0,S,871183069,,1024,,
              [2.6.0-RELEASE][admin@Ignis.brendhanhorne.com]/root: date
              Thu Nov  3 13:36:52 EDT 2022
              
              S 1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Hmm, curious. The timezone you have set is not 9hrs from UTC.

                Have you tried setting different TZ and then switching back? Or setting GMT+5 directly?

                UnderstudyU 1 Reply Last reply Reply Quote 1
                • S
                  serbus @Understudy
                  last edited by

                  Hello!

                  Have you restarted all of the relevant services since making any system timezone changes?

                  John

                  Lex parsimoniae

                  UnderstudyU 1 Reply Last reply Reply Quote 0
                  • UnderstudyU
                    Understudy @serbus
                    last edited by

                    @serbus Yes

                    1 Reply Last reply Reply Quote 0
                    • UnderstudyU
                      Understudy @stephenw10
                      last edited by Understudy

                      @stephenw10

                      [2.6.0-RELEASE][admin@Ignis.brendhanhorne.com]/root: date
                      Thu Nov  3 13:38:02 -05 2022
                      

                      Screenshot 2022-11-03 144042.png

                      I have done that as suggested. I will let it run for a bit and see what the logs say. I thank you again for your help. It will be interesting because I am technically gmt -5 and I may have to do another restart. Which I will do later tonight.

                      Sincerely,
                      Brendhan

                      stephenw10S 1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator @Understudy
                        last edited by stephenw10

                        @understudy said in Time date in logs not correct.:

                        I am technically gmt -5

                        Not if you use the POSIX time format, which FreeBSD/pfSense does. ๐Ÿ˜‰
                        https://docs.netgate.com/pfsense/en/latest/troubleshooting/time-zone.html#clock-does-not-use-the-expected-zone-offset

                        1 Reply Last reply Reply Quote 1
                        • UnderstudyU
                          Understudy
                          last edited by

                          I am going to do a reboot also just to be sure.

                          Brendhan

                          1 Reply Last reply Reply Quote 0
                          • UnderstudyU
                            Understudy
                            last edited by

                            Okay, I did a reboot and checked the bios time. The bios time was off by two hours. It wasn't before so I am probably going to have to replace the cmos battery. As it stands right now it looks like the times for everything are correct. I am leaving it with posix time and making sure the ntpq -pn is good. I will check again in the morning to be sure and report back but initial reports look good.

                            [2.6.0-RELEASE][admin@Ignis.brendhanhorne.com]/root: date
                            Thu Nov  3 17:15:46 -05 2022
                            [2.6.0-RELEASE][admin@Ignis.brendhanhorne.com]/root: ntpq -pn
                                 remote           refid      st t when poll reach   delay   offset  jitter
                            ==============================================================================
                             2.pfsense.pool. .POOL.          16 p    -   64    0    0.000   +0.000   0.000
                             0.north-america .POOL.          16 p    -   64    0    0.000   +0.000   0.000
                             1.north-america .POOL.          16 p    -   64    0    0.000   +0.000   0.000
                             2.north-america .POOL.          16 p    -   64    0    0.000   +0.000   0.000
                             216.197.156.83  .PPS.            1 u   24   64  377   87.111  -358288   1.279
                             198.211.103.209 206.108.0.131    2 u   19   64  377   36.503  -358289   0.932
                             159.203.158.197 128.59.0.245     2 u   19   64  377   37.168  -358289   0.977
                             157.245.141.244 129.6.15.29      2 u   23   64  377   38.057  -358289   2.271
                             12.167.151.1    158.51.134.123   3 u   17   64  377   36.220  -358291   0.514
                            +209.115.181.110 206.108.0.131    2 u   37   64    7   88.227  -358289   0.135
                            *167.99.186.165  129.6.15.28      2 u   30   64    7   48.159  -358289   0.748
                            [2.6.0-RELEASE][admin@Ignis.brendhanhorne.com]/root:
                            
                            S 1 Reply Last reply Reply Quote 0
                            • S
                              SteveITS Galactic Empire @Understudy
                              last edited by

                              @understudy The BIOS being off by exactly a multiple of an hour is frustrating to figure out. Much more obvious if it is 27 minutes. :)

                              re: some services using other times, I actually posted a log of that in a completely unrelated redmine, https://redmine.pfsense.org/issues/13593. That log entry was:

                              system log (14:07 is UTC, 9:07 is US CDT):

                              Oct 25 14:07:44 check_reload_status 353 Syncing firewall
                              Oct 25 14:07:44 php-fpm 69691 /pkg_mgr_install.php: Configuration Change: admin@ip (Local Database): Saved firmware branch setting.
                              Oct 25 09:07:13 pkg-static 50845 pfSense-repo upgraded: 2.6.0_8 -> 2.7.0.a.20221025.0600
                              Oct 25 09:07:11 pkg-static 47503 pkg upgraded: 1.17.5_2 -> 1.18.4_1
                              Oct 25 14:07:02 check_reload_status 353 Syncing firewall
                              Oct 25 14:07:01 php-fpm 69213 /pkg_mgr_install.php: Configuration Change: admin@ip (Local Database): Saved firmware branch setting.
                              

                              In that case it was the 5 hour time zone.

                              Not on pfSense, AFAIK, but I have set up Linux servers where if you change time zones some services don't pick it up until they restart.

                              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                              Upvote ๐Ÿ‘ helpful posts!

                              1 Reply Last reply Reply Quote 1
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.