Hello,

 

Using a syslog-ng sever to filter syslogs before forwarding.  I’m being asked to not change the timestamp in the syslog message. I’ve tried the “keep-timestamp(yes);” option in the syslog-ng.conf, but there’s no change in the timestamp.  There must be an option I’m missing?

 

Example of the change: 

 

Dec 07 15:08:57   <<<< Not filtered by syslog-ng

 

1 2016-12-07T15:07:32-06:00   <<< Filtering currently with syslog-ng

 

 

 

Thank you for looking

 

Best Regards,

 

David