<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi Bazsi,<div class="">Thanks for the info.</div><div class="">Do you think that can affect also the ‘year’ behaviour?</div><div class=""><br class=""></div><div class="">I would love to provide some help testing this... but I am not good at it :(</div><div class=""><br class=""></div><div class="">Thanks for the explanation and for pointing at the mod.</div><div class=""><br class=""></div><div class="">Regards,</div><div class="">Marco</div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 22 Nov 2016, at 23:41, Balazs Scheidler <<a href="mailto:bazsi77@gmail.com" class="">bazsi77@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class=""><div class="">The issue is that syslog-ng only processes mixed case month names, e.g. "Nov" instead of "NOV"<br class=""><br class=""></div>This pull request contains the as-of-now unmerged fix:<br class=""><a href="https://github.com/balabit/syslog-ng/pull/1263" class="">https://github.com/balabit/syslog-ng/pull/1263</a><br class=""><br class=""><br class=""></div>Any testing is absolutely welcome.<br class=""></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Tue, Nov 22, 2016 at 12:30 PM, Marco Mignone <span dir="ltr" class=""><<a href="mailto:info@marcomignone.com" target="_blank" class="">info@marcomignone.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class=""><div class="">Hi All,</div><div class="">I am experiencing a weird problem with Syslog-NG 3.8.1 on Ubuntu 14.04</div><div class=""><br class=""></div><div class="">When syslog receives syslog messages from couple of specific nodes it saves it on a destination folder as per the config below:</div><div class=""><br class=""></div><div class=""><div class="">source s_rohnet {</div><div class="">  network(</div><div class="">    transport("udp")</div><div class="">  );</div><div class="">};</div><div class=""><br class=""></div><div class="">destination d_rohnet_switches {</div><div class="">  file("/var/log/ROHNetwork/${<wbr class="">YEAR}.${WEEK}/${HOST}.log" create-dirs(yes) dir-owner("rohadmin"));</div><div class="">};</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">The devices are NTP synchronised and the date output is correct on the Ubuntu server:</div><div class=""><br class=""></div><div class="">>date<div class=""><br class=""></div><div class="">Tue Nov 22 11:21:14 GMT 2016</div></div><div class=""><br class=""></div><div class="">Beside these the log folders created where the files gets stored are: <b class="">/2015.51</b>/192.168.33.8.log (it should be /<b class="">2016.47</b>/).</div><div class=""><br class=""></div><div class="">This is happening only for two nodes while all the rest seems to work fine.</div><div class=""><br class=""></div><div class="">I have captured some network traffic and the message received by syslog-ng on the network card seems also correct as per Wireshark output:</div><div class=""><br class=""></div><div class="">Syslog message: LOCAL6.NOTICE:  NOV 22 10:31:23 192.168.33.8-1 CMDLOGGER[165319912]: cmd_logger_api.c(83) 13518 %% CLI:192.168.32.100:root:User  logged in</div><div class=""><br class=""></div><div class="">This is a Dell switch and I am opening a case with them but I would like to know where else I should check for configuration errors.</div><div class=""><br class=""></div><div class="">Syslog config is exactly the one reported above.</div><div class=""><br class=""></div><div class="">Any idea of what I could check for further troubleshooting on the Syslog side? </div><div class=""><br class=""></div><div class="">Thanks,</div><div class="">Marco</div></div><br class="">______________________________<wbr class="">______________________________<wbr class="">__________________<br class="">
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank" class="">https://lists.balabit.hu/<wbr class="">mailman/listinfo/syslog-ng</a><br class="">
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank" class="">http://www.balabit.com/<wbr class="">support/documentation/?<wbr class="">product=syslog-ng</a><br class="">
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank" class="">http://www.balabit.com/wiki/<wbr class="">syslog-ng-faq</a><br class="">
<br class="">
<br class=""></blockquote></div><br class=""><br clear="all" class=""><br class="">-- <br class=""><div class="gmail_signature" data-smartmail="gmail_signature">Bazsi</div>
</div>
______________________________________________________________________________<br class="">Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" class="">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br class="">Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" class="">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br class="">FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" class="">http://www.balabit.com/wiki/syslog-ng-faq</a><br class=""><br class=""></div></blockquote></div><br class=""></div></body></html>