[syslog-ng]use_time_recvd(no) not working?

[Michael Renner]

Hi!

I've got a server (syslog-ng 1.5.14) with a innacurate system time (off by 
a minute) which logs to my master server (also syslog-ng 1.5.14). The 
option use_time_recvd(no) is in the masters config but the last changed 
time of the current logfile and the timestamps in the logfile are those of 
the senders server. Shouldn't the master syslog-ng strip all timestamp 
information from the logmessage and insert its own?

I noticed this (obviously mis)behaviour because the PAM-stuff on the 
inaccurate server went mad and sends syslog entries with (nearly) correct 
time but the date is set to 2001-12-31; all other services log with correct 
timestamps.

Here are some messages which cause the broken log-dates

--- snip ---

Mär  7 18:12:49 backup su: FAILED SU (to root) robe on /dev/pts/0
Mär  7 18:12:53 backup su: (to root) robe on /dev/pts/0
Mär  7 18:12:53 backup PAM-unix2[10112]: session started for user root, 
service su

--- snap ---

modify times of the two opened logfiles on the sending host (format is 
$HOST/$YEAR-$MONTH-$DAY):

-rw-------    1 root     root         3193 Mar  7 18:12 2001-12-31
-rw-------    1 root     root       196130 Mar  7 19:17 2002-03-07

and here on the master server:

-rw-------    1 root     root         1814 Mar  7 18:13 2001-12-31
-rw-------    1 root     root        39016 Mar  7 19:18 2002-03-07


a) do you have any tips on tracking down the problem with the broken 
pam-timestamps?
b) is the use_time_recvd() option broken/non-existant in 1.5.14 ?


mfg

-- 

Renner Michael
Junior System Engineer

Inode Telekommunikationsdienstleistungs GmbH - http://www.inode.at
support@inode.at, Tel.: 05 9999-0, Fax.: 05 9999-2699