On Tue, 2005-02-01 at 11:39 +0100, janth@moldung.no wrote:
Hi, I have a Solaris 8 host with syslog-ng ver 1.6.5 set up with the following syslog-ng.conf:
Then I have another host set up to use syslog-ng as loghost. This host has purposely wrong time (1973-01-02), as can be seen here:
joe@testhost / $ logger "test. local time on `uname -n` is `date +'%Y-%m-%d %H:%m:%S'`"
joe@loghost / $ tail -1 /syslog/2005/02/01/testhost 2005-02-01 11:24:47 | 1107253487 | 2005-01-02 21:04:39 | 1104696279 | testhost | testhost | testhost/testhost | 192.168.1.2 | user.notice | 0d | joe | joe: [ID 702911 user.notice] test. local time on testhost is 1973-01-02 21:01:39
It seems as S_YEAR is set to YEAR (or R_YEAR, I have not checked the source). I hope someone can fix this before syslog-ng 1.6.6...
The problem is that there is no 'year' field in the syslog message, except if you are using a message format which does include a year. (The PIX style timestamp includes a year and syslog-ng supports its extraction: /* PIX time stamp, format: MMM DD YYYY HH:MM:SS: */ However this is much better solved in syslog-ng 1.9.x which also fully supports ISO timestamps (year, timezone and fractions of seconds) -- Bazsi