Ordering logs with different timestamp
Radu Vunvulea
VP of Cloud | Cloud Strategy and Transformation | Microsoft Regional Director | Microsoft MVP
More: https://vunvulearadu.blogspot.ro/2016/06/ordering-logs-with-different-timestamp.html
Time is relative? Yes, it is. When you need to write Audit Data and Logs, you don’t want to have a relative time on different systems.
There are different protocalls for time synchronization like NTP that can help us to synchronize the time on machines. Unfortunately, based on firewall configuration or the type of access we have on that machines we might not be able to use NTP protocol.
Even if we are using NTP, depending on server configuration we can have a deviation of 1-2s between machines. A deviation of a few seconds might not be too much until you write logs and you try them to order them based on time. In this situation, reading the logs is not so simple – the logs order will not match with the execution order of the actions that were logged. Trying to understand what happen inside the system wil be hard.
More: https://vunvulearadu.blogspot.ro/2016/06/ordering-logs-with-different-timestamp.html