Okay, I tried it out and it works.  Here's my configuration:

# local0.debug                                          /var/log/ngr/ngr_3456_A.log

filter f_12 {
        facility(local0) and level(debug..emerg);
};

destination d_8 {
        file("/var/log/ngr/ngr_3456_A_$MONTH$DAY$YEAR.log"
        ts_format("iso")
        template("$R_ISODATE $HOST $MSG\n")
        template_escape(no)
        create_dirs(yes)
        frac_digits(3)
        );
};

log { source(local); filter(f_12); destination(d_8); };

This gives me the following output:  2006-02-13T08:52:54.554+05:00 localhost <rest of message>

So, in other words, I just added the frac_digits() option to file().

Thanks for helping me out - I appreciate it.

Rodney

-----syslog-ng-bounces@lists.balabit.hu wrote: -----

To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
From: Balazs Scheidler <bazsi@balabit.hu>
Sent by: syslog-ng-bounces@lists.balabit.hu
Date: 02/12/2006 08:41AM
Subject: Re: [syslog-ng] RFC3339 fractional second logging

On Sun, 2006-02-12 at 11:44 +0100, Balazs Scheidler wrote:
> On Sun, 2006-02-12 at 11:37 +0100, Balazs Scheidler wrote:
> > On Fri, 2006-02-10 at 08:29 -0500, rlott@ivhs.com wrote:

> So there are two timestamps per message:
>
> 1) the one in the message as received from the peer, it will never
> contain fractions except when the message was generated by syslog-ng and
> this information was also sent by using a custom template (syslog-ng
> tries to remain compatible with existing syslog devices by default, thus
> it does not send an extended timestamp) Macros referencing this timestamp
> begin with "S_" (for stamp)
>
> 2) the one assigned by syslog-ng when the message was received from the
> peer. This should always contain fractions. These stamps begin with
> "R_" (for received)
>
> The prefixes might not be very intuitive, their naming is historical
> heritage :)
>
> Thus the example configuration that you sent above should indeed include
> the time fractions, but not because the peer sends it, but because
> syslog-ng generates R_ timestamps locally as the messages arrive.
>
> However it does not work for some reason. Let me check it and get back
> to you.
>

I've just committed a patchset that should fix this functionality. I
also added frac_digits() option which controls how precisely time
fractions should be represented. (again, you need tomorrow's snapshot)

This is my test configuration:

options {
     file_template(t_file);
     proto_template(t_proto);
     ts_format(iso);
     normalize_hostnames(yes);
};

template t_file { template("<$PRI>$ISODATE $HOST $MSG\n"); template-escape(no); };
template t_proto { template("<$PRI>$ISODATE $HOST $MSG\n"); template-escape(no); };

source s_udp { unix-stream("log"); udp(ip("0.0.0.0") port(2000) flags(kernel) keep-timestamp(no)); };

destination d_file {
       file("/home/bazsi/zwa/install/syslog-ng-2.0/logs/messages");
       udp("localhost" port(3000) frac_digits(6));
};

log { source(s_udp); destination(d_file); };


--
Bazsi

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html