Okay, I have this in my syslog-ng.conf:

options { dir_perm(0755); perm(0644); chain_hostnames(no); ts_format("iso");
          keep_hostname(yes); };
...

# local0.debug                                          /var/log/ngr/ngr_3456_A.log

filter f_12 {
        facility(local0) and level(debug..emerg);
};

destination d_8 {
        file("/var/log/ngr/ngr_3456_A_$MONTH$DAY$YEAR.log"
        template("$R_ISODATE $HOST $MSG\n")
        template_escape(no)
        create_dirs(yes)
        );
};

log { source(local); filter(f_12); destination(d_8); };

And this is an entry from the corresponding log:

2006-02-10T07:45:15-05:00 localhost <rest of message>

If the timestamp in this case is using the received timestamp, how is this being transmitted/delivered? Is it being done in ASCII and, if so, is it possible that the fractional portions are not being included?

Thanks.

Rodney Lott

-----syslog-ng-bounces@lists.balabit.hu wrote: -----

by using a template and including the received timestamp instead of the
one in the log message, e.g.

file("/var/log/messages" template("$R_ISODATE $HOST $MSG\n"));

Maybe I should add a keep_timestamp(yes|no) option that would be similar
to keep_hostname(), e.g. keep_timestamp(yes) would prefer to use the
timestamp that was sent by the peer, and keep_timestamp(no) would
regenerate the timestamp. This is an alternative solution, however it
might be nice to avoid having to write an explicit template for this
cases.

Any opinions?

--
Bazsi

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html