On Thu, 2007-06-07 at 11:57 +0200, Giulio Botto wrote:
Hello,
I'm new to both syslog-ng and the list so I first tried the docs and archives, but couldn't find anything enlightening.
We have a syslog-ng 2.0.3 running on CentOS 5 and some Cisco PIX appliances sending their logs to it.
If my understanding is correct I should be receiving the sender's timestamp and should be able to log it in my log files instead of the receiving timestamp by application of the S_DATE macro.
If syslog-ng received an invalid timestamp or no timestamp, it generates a new value for S_DATE based on the local time. Can you post a sample log message as received by syslog-ng? A tcpdump or an strace dump with the string size set to a high value (-s 4096 for instance) could be helpful.

-- Bazsi
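
The fallback described in the reply above, sketched as an added example that is not part of the original thread and is not syslog-ng's own parser: a strict RFC 3164 header check that keeps the sender's timestamp when it parses and substitutes the local receive time otherwise. The sample datagrams, the receive time and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Strict RFC 3164 header: "<PRI>Mmm dd hh:mm:ss " (day may be space-padded).
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2}) ([ \d]\d) (\d{2}):(\d{2}):(\d{2}) ")
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def sender_stamp(raw: bytes, received: datetime):
    """Return (stamp, from_sender) for one received datagram.

    Simplified model of the fallback described above (an assumption, not
    syslog-ng's parser): a missing or invalid header timestamp yields the
    local receive time instead of the sender's.
    """
    text = raw.decode("ascii", errors="replace")
    m = HEADER.match(text)
    if not m or m.group(2) not in MONTHS:
        return received, False
    try:
        # RFC 3164 carries no year; borrow it from the receive time.
        stamp = datetime(received.year, MONTHS.index(m.group(2)) + 1,
                         int(m.group(3)), *map(int, m.group(4, 5, 6)))
    except ValueError:  # e.g. "Jun 31" or hour 25
        return received, False
    return stamp, True


RECEIVED = datetime(2007, 6, 7, 12, 0, 5)  # constructed local receive time
SAMPLES = [  # constructed datagrams, not captured from any device
    b"<166>Jun  7 11:57:00 fw1 app: connection built",
    b"<166>Jun 07 2007 11:57:00: app: connection built",  # year inside stamp
    b"<166>app: connection built",                        # no stamp at all
    b"<166>Jun 31 11:57:00 fw1 app: connection built",    # impossible date
]


def classify(samples=SAMPLES, received=RECEIVED):
    """Run every sample through sender_stamp with one receive time."""
    return [sender_stamp(s, received) for s in samples]


if __name__ == "__main__":
    for raw, (stamp, ok) in zip(SAMPLES, classify()):
        print("sender" if ok else "local ", stamp.isoformat(), raw[:40])
```

Comparing the raw payload from a capture against a check like this shows quickly whether the logged time can be the sender's or has to be the local fallback.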