Balazs Scheidler wrote:
On Wed, 2007-06-13 at 12:33 +0200, Giulio Botto wrote:
Balazs Scheidler wrote:
On Thu, 2007-06-07 at 11:57 +0200, Giulio Botto wrote:
Hello,
I'm new to both syslog-ng and the list so I first tried the docs and archives, but couldn't find anything enlightening.
We have a syslog-ng 2.0.3 running on CentOS 5 and some Cisco PIX appliances sending their logs to it.
If my understanding is correct I should be receiving the sender's timestamp and should be able to log it in my log files instead of the the receiving timestamp by application of the S_DATE macro. If syslog-ng received an invalid timestamp or no timestamp, it generates a new value for S_DATE based on the local time.
Can you post a sample log message as received by syslog-ng? a tcpdump or an strace dump with the string size set to a high value (-s 4096 for instance) could be helpful.
PIX uses a funny timestamp, that syslog-ng could not understand. Can you check if this patch fixes the issue:
[...] Works perfectly, thanks! -- Giulio Botto -- madecto@sangria.org.il PGP fingerprint = 1979 A78A 8F82 DB5E 55E9 D6D6 6AB6 0BA9 FDB7 6789