Timestamp out of order in /var/log/messages file in RHEL5

Red Hat Enterprise Linux (RHEL) 5.4


The server crashed. When the messages file was reviewed for events around that time, the timestamps were out of order.


Root Cause

The system clock is owned by the operating system, and the hardware clock is owned by the CMOS/BIOS. While the server is running and operational, it uses the system clock as its time source. The system clock is configured to receive time updates via NTP. The hardware clock's time has drifted slightly and was not up to date. At boot the system clock is set from the hardware clock, so the first entries logged after the restart carry the hardware clock's stale time.

Diagnostic Steps

Reviewing /var/log/messages reveals the following behaviour:

Apr 12 14:45:14 <SERVER> shutdown[15050]: shutting down for system reboot
Apr 12 14:45:15 <SERVER> init: Switching to runlevel: 6

Apr 12 14:45:26 <SERVER> kernel: SysRq : Resetting
Apr 12 13:49:48 <SERVER> syslogd 1.4.1: restart.
Apr 12 13:49:48 <SERVER> kernel: klogd 1.4.1, log source = /proc/kmsg started.
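
A check for this symptom, as an added example that is not part of the original article: the Python function below scans syslog-format lines for timestamps that step backwards and records whether the step falls on a syslogd restart line. The function name, the year argument and the one-second tolerance are assumptions; the sample input is the excerpt shown above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the excerpt from this page, with its <SERVER> placeholder.
SAMPLE = """\
Apr 12 14:45:14 <SERVER> shutdown[15050]: shutting down for system reboot
Apr 12 14:45:15 <SERVER> init: Switching to runlevel: 6
Apr 12 14:45:26 <SERVER> kernel: SysRq : Resetting
Apr 12 13:49:48 <SERVER> syslogd 1.4.1: restart.
Apr 12 13:49:48 <SERVER> kernel: klogd 1.4.1, log source = /proc/kmsg started.
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
LINE_RE = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) \S+ (.*)$")


def find_backward_jumps(text, year=2000, tolerance=timedelta(seconds=1)):
    """Return one dict per line whose timestamp is earlier than the previous line's.

    Traditional syslog timestamps carry no year, so `year` is an assumption
    supplied by the caller (the default is a leap year so Feb 29 parses).
    """
    jumps, prev = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m or m.group(1) not in MONTHS:
            continue  # blank line or non-syslog text
        month = MONTHS[m.group(1)]
        day, hh, mm, ss = (int(g) for g in m.group(2, 3, 4, 5))
        if prev is not None and prev.month == 12 and month == 1:
            year += 1  # Dec -> Jan is a year rollover, not a clock step
        ts = datetime(year, month, day, hh, mm, ss)
        if prev is not None and prev - ts > tolerance:
            msg = m.group(6)
            jumps.append({
                "line": lineno,
                "previous": prev,
                "current": ts,
                "seconds_back": int((prev - ts).total_seconds()),
                # A jump on the syslogd restart line points at the boot-time clock.
                "at_syslogd_restart": msg.startswith("syslogd") and "restart" in msg,
            })
        prev = ts
    return jumps


if __name__ == "__main__":
    for j in find_backward_jumps(SAMPLE):
        print("line %(line)d: clock went back %(seconds_back)ds "
              "(%(previous)s -> %(current)s), syslogd restart: %(at_syslogd_restart)s" % j)
```

A backward step that lands on the syslogd restart line is consistent with the root cause described here; a step in the middle of normal operation would need a different explanation.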

