[syslog-ng]use_time_recvd() not working?

Schernau, Ed syslog-ng@lists.balabit.hu
Wed, 30 Jun 2004 10:57:40 -0400


Last I knew, this only worked IF you logged via a template.

-----Original Message-----
From: Hall J D (ISeLS) [mailto:jdhall@glam.ac.uk] 
Sent: Wednesday, June 30, 2004 10:53 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]use_time_recvd() not working?



Hello all, 

I've recently installed Syslog-ng 1.6.2 on a FreeBSD 4.9 to act as my new
collector and I can't get the use_time_recvd() option to work properly.

No matter if I specify use_time_recvd(yes) or use_time_recvd(no) the
messages, from a Cisco PIX firewall, are still getting recorded with the
time from the message and not the local time.

Is this a known issue, or am I doing something really silly?

Below are the relevant bits from my config 

Thanks, 

Jonathan 



options { long_hostnames(off); sync(0); use_time_recvd(yes); 
                create_dirs(yes); dir_perm(0750); }; 

source net {    udp(ip(193.63.147.98) port(514)); 
                tcp(ip(193.63.147.98) port(1740) keep-alive(yes)); }; 

destination fwall { file("/var/log/firewalls/$HOST.$YEAR.$MONTH.$DAY.log" 
                        perm(0640)); }; 

filter f_pixmsg { match("%PIX"); }; 

filter f_local0 { facility(local0); }; 

log { source(net); filter(f_local0); filter(f_pixmsg); destination(fwall); };




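The reply's suggestion applied to the posted configuration, as an added example that is not part of the original thread: the file destination is given an explicit template() so that the line is formatted from macros, which is the case the reply says use_time_recvd() applies to. The destination name fwall_recvd and the template text are assumptions; everything else is copied from the posted config.

```conf
# Added example, not from the original messages.
options { long_hostnames(off); sync(0); use_time_recvd(yes);
          create_dirs(yes); dir_perm(0750); };

source net { udp(ip(193.63.147.98) port(514));
             tcp(ip(193.63.147.98) port(1740) keep-alive(yes)); };

# As posted: no template(), so the line is written in the default format.
# This is the destination the poster reports as keeping the PIX's own time.
destination fwall {
    file("/var/log/firewalls/$HOST.$YEAR.$MONTH.$DAY.log"
         perm(0640));
};

# With a template (name and format are assumptions): $DATE is expanded as a
# macro, and with use_time_recvd(yes) time macros refer to the time the
# collector received the message rather than the time inside the message.
destination fwall_recvd {
    file("/var/log/firewalls/$HOST.$YEAR.$MONTH.$DAY.log"
         perm(0640)
         template("$DATE $HOST $MSG\n")
         template_escape(no));
};

filter f_pixmsg { match("%PIX"); };
filter f_local0 { facility(local0); };

log { source(net); filter(f_local0); filter(f_pixmsg);
      destination(fwall_recvd); };
```

Recording the collector's receive time keeps the firewall log on one trusted clock, which matters when the sending device's clock is wrong or unsynchronised and the log is later used to build a timeline.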