© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
I'm seeing the same behavior out of rsyslogd. It shows up most frequently with CRON runs, but I've seen it on kernel syslog entries as well.
I'm shipping my logs into ELK, and I was noticing that old indices kept getting updated. When I dug into the issue, I saw that this was happening on a relatively regular basis (at least once a day). It is/was one particular cron job that generated the vast majority of the incorrect timestamps: one that ran once a minute (e.g. * * * * * /bin/true)
I've seen this happen on several Ubuntu hosts, mostly 14 LTS, but I think I've seen it in 12 LTS too. I've only recently started tracking this issue.
The timestamp can be off by hours to days.
When I see it happen, restarting rsyslogd makes the issue go away for a while.
- Daniel