4 Jan
2006
4 Jan
'06
2:43 p.m.
On Wed, 2006-01-04 at 14:31 +1000, Michael Gehrmann wrote:
I have a vendor who has implemented their syslog message with a year in the date field e.g. Apr 15 10:06:19 2005
The vendor believes this to be a correct interpretation of the RFC (it's wrong if you read the next two paragraphs in the RFC) and will not change their software.
Has anyone got any ideas on how I can kill the year field so I can use standard reporting/filtering tools?
syslog-ng could be patched to support this timestamp and then generate a timestamp on its own as per syslog-ng's settings. The proper place is log.c, parse_log_msg() in syslog-ng 1.6.x and log_msg_parse() in logmsg.c in syslog-ng 1.9.x -- Bazsi