Hi list, timezones and daylight saving time are causing me a serious headache, and I hope that someone can give me a hint :-) Let's start: * I have several servers sending syslog (clients) and also several syslog servers (receivers) * Most (all) of them are running syslog-ng :o) * Local timezone is Europe/Rome (CEST), that's GMT +01:00 and +02:00 while summertime * All systems have their system clock set to UTC and correct local settings (Europe/Rome) * syslog is written to local files on each server (just to be sure to miss nothing in case of network outages etc) + local files on syslog reciever (rotation & archive) + mysql db on syslog reciever (for short history & web app) * syslog reciever is currently getting about 60 syslog entries per second, once in full production that will be something like 200 per second Even if all of my servers are (at least right now) residing in the same timezone I would like to do things the right way. Therefore in my believes timestamp should be saved as a UTC value - correct localized presentation should be up to my web application. Documentation is telling me that:
2.6. Daylight saving changes The syslog-ng application receives the timezone and daylight saving information from the operating system it is installed on. If the operating system handles daylight saving correctly, so does syslog-ng.
This is great news :-) But what exactly does it mean to me? As told before all my systems are running with UTC system clock and CEST local timezone. Should I set recv_time_zone("+01:00")? Doesn't make sense to me, as I need CEST: +01:00 and +02:00!? Should I set send_time_zone('00:00') on each syslog client? Can I trust S_UNIXTIME and / or R_UNIXTIME (instead of R_HOUR & Co)? Lot's of questions, I know :o) Thanks for your attention! Cheers, Thomas Gelf -- Thomas Gelf <thomas@gelf.net>