On Mon, 2010-03-22 at 12:01 -0500, Patrick A. Green wrote:
Balazs Scheidler wrote:
On Thu, 2010-03-18 at 09:19 -0500, Chris Fabri wrote:
On Thu, Mar 18, 2010 at 4:53 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Wed, 2010-03-17 at 09:44 -0500, Chris Fabri wrote:
I have a red hat 3 system running 3.0.4 It did not successfully adjust for daylight savings time. Everything else on the system is fine - syslog is showing the correct time stamps, the system reports the correct time. Restart of syslog-ng, and shutting down both syslog and syslog-ng did not help. I didn't see anything in the lists addressing this, here are details of my syslog-ng:
[fabric@netlog dhcp]$ sudo /usr/local/sbin/syslog-ng -V syslog-ng 3.0.4 Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#1b5d618e301ad94aa20e692ffba16469dece8d10 Compile-Date: Aug 24 2009 16:54:31 Enable-Threads: off Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-Sun-STREAMS: off Enable-Sun-Door: off Enable-IPv6: on Enable-Spoof-Source: off Enable-TCP-Wrapper: on Enable-SSL: off Enable-SQL: off Enable-Linux-Caps: on Enable-Pcre: off
I didn't see anything in the man page for adjusting for time. I have keep_timestamp(no) configured in my conf file. The systems sending the syslog files time is correctly adjusted for daylight savings. Is this a bug in this particular version, or am I just missing the right flag or something? chris
You state that syslog is showing correct timestamps. Is that syslogd? Or where do you see the problem?
Problem is only with syslog-ng. syslogd is working fine.
Can you give a more concrete example? Like the timezone you are in, the message that gets misinterpreted.
syslog-ng should cope with timezones well. We had a recent related issue that it didn't work, but only in the transition window (e.g. for one hour until the DST becomes non-DST or vica versa)
I'm in Chicago so US/Central which is -0600 in Winter and -0500 in Summer.
Here's an example of the log:
Mar 22 11:34:34 netlog-e0 su(pam_unix)[4974]: session opened for user root by ... Mar 22 10:38:16 netlog-e0 netlog syslog-ng[20695]: Log statistics ...
Here's the important part of the configuration concerning time:
and which is the expected time? 11:34 or 10:38?
options { use_dns(yes); # syslog-ng blocks on DNS lookups use_fqdn(no); # fully qualified domain name dns_cache(yes); # syslog-ng internal dns caching keep_hostname(no); # hostname from syslog message chain_hostnames(no); # add resolved host name keep_timestamp(no); # use received time v3 # use_time_recvd(yes); # time from syslog message v2 }; # syslog-ng internal messages source src_internal { internal(); }; # increase max number of tcp sources source src { tcp(max-connections(100)); };
-- Bazsi