<div dir="ltr">destination d_file { file("/opt/syslog-ng/logs/$R_YEAR$R_MONTH$R_DAY/$HOST_FROM-$R_HOUR.log");}; <br><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 21, 2017 at 12:51 AM, Scheidler, Balázs <span dir="ltr"><<a href="mailto:balazs.scheidler@balabit.com" target="_blank">balazs.scheidler@balabit.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>Can you pls show a more concrete sample? I don't understand "are being timestamped at the rotation time".</div><div dir="auto"><br></div><div dir="auto">3.2 is ancient but I am not sure any newer stuff is available on Cygwin.<div><div class="h5"><br><div class="gmail_extra" dir="auto"><br><div class="gmail_quote">On Nov 21, 2017 00:29, "Contreras, Gerald (DPS)" <<a href="mailto:Gerald.Contreras@aph.gov.au" target="_blank">Gerald.Contreras@aph.gov.au</a>> wrote:<br type="attribution"><blockquote class="m_-7458021695766202776quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi All,<br>
<br>
I am very new to syslog-ng via Cygwin.<br>
<br>
I am having trouble with MWG proxy logs where individual events inside the log are being timestamped at the rotation time (timestamping at 00:00-00:01AM).<br>
This happens intermittently so the problem isn't constant. I have verified via packet captures that the timestamp is correct up until syslog-ng begins to handle the event and write it to the log.<br>
<br>
My syslog-ng.conf is as follows<br>
<br>
==============================<wbr>==============================<wbr>===<br>
@version: 3.2<br>
<br>
@include "scl.conf"<br>
<br>
<br>
options {<br>
<br>
    create_dirs(yes);<br>
<br>
    use_dns(yes);<br>
<br>
    dns_cache_hosts(/etc/hosts);<br>
<br>
    dns_cache_expire(3600);<br>
<br>
    chain_hostnames(0);<br>
<br>
    log_fifo_size(512);<br>
<br>
    perm(0644);<br>
<br>
    dir_perm(0755);<br>
<br>
    time_reopen(10);<br>
<br>
    time_reap(360);<br>
<br>
    use_fqdn(no);<br>
<br>
    keep_hostname(no);<br>
<br>
    stats_freq(0);<br>
<br>
};<br>
<br>
<br>
source s_network {<br>
<br>
    udp(port("514"));<br>
<br>
};<br>
<br>
<br>
destination s_files {<br>
<br>
    file("/cygdrive/d/syslog/$HOST/$HOST-$MONTH-$DAY.log" create_dirs(yes));<br>
<br>
};<br>
<br>
log { source(s_network); destination(s_files); };<br>
==============================<wbr>==============================<wbr>==<br>
<br>
Thanks. Any help or direction would be much appreciated<br>
<br>
<br>
<br>
______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailm<wbr>an/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support<wbr>/documentation/?product=<wbr>syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/sy<wbr>slog-ng-faq</a><br>
<br>
</blockquote></div><br></div></div></div></div></div>
<br></blockquote></div><br></div>