On /dev/log (the usual means of submitting messages) the timestamp is formatted by the syslog() function call, part of libc (probably musl in the case of openwrt). Libc uses /etc/localtime to query the local time zone. On Mon, Aug 15, 2022, 05:56 Francois Marier <francois@fmarier.org> wrote:
I'm trying to understand timezones in syslog-ng, but I think there's something I'm missing.
If I do the following on my OpenWRT machine:
/etc/init.d/syslog-ng restart logger TestA
I see the following in /var/log/messages:
Aug 14 20:39:35 hostname syslog-ng[9860]: syslog-ng shutting down; version='3.37.1' Aug 14 20:39:36 hostname syslog-ng[10024]: syslog-ng starting up; version='3.37.1' Aug 14 20:39:36 hostname syslog-ng[10024]: Syslog connection established; fd='15', server='AF_INET(192.168.1.10:514)', local='AF_INET( 0.0.0.0:0)' Aug 15 03:39:49 hostname root: TestA
The correct timezone is the one in the first three lines. Other daemon messages are displayed using the incorrect timezone like `logger`.
I've attached my syslog-ng.conf file.
So my question is why is the time information correct in the first three messages and then incorrect from there on?
Francois
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq