On Thu, 2009-01-15 at 15:03 +0800, Charles Chan wrote:
> Recently I use the syslog-ng for log collection environment
> encountered a time zone problem,hope somebody can help me.Thanks
> The environment is like this:
> The apache server(PDT timezone,UTC-8) forword apache log through
> syslog to the syslog-ng server£¨CST timezone£¬UTC£«8£©.
> The server with same time zones no problem between the forward.
> Syslog-ng test configuration is as follows:
> destination int_apache (file ( "/ disk3/cookie_logs/pid1 / $ YEAR-$
> MONTH-$ DAY / $ (HOST). apache.log" time_zone (-08:00) template ( "$
> DAY-$ HOUR $ S_DAY-$ S_HOUR $ R_DAY-$ R_HOUR $ $ ISODATE $ MSGONLY \ n
> ") template_escape (no)););
>
> The original apache log is:
> 58.240.69.161 - - - [14/Jan/2009: 22:27:47 -0800] "GET /
>
www.example.com/ HTTP/1.1" 200 2028 "-" "Mozilla/4.0 ( compatible;
> MSIE 7.0; Windows NT 5.1) "
>
> The syslog-ng server generated log is:
> 14-22 14-22 14-22 2009-01-14T22 :27:47-08: 00 58.240.69.161 - - -
> [14/Jan/2009: 22:27:47 -0800] "GET / www.example. com / HTTP/1.1 "200
> 2028" - "" Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) "
>
> Originally generated documents should be kept in
> /disk3/cookie_logs/pid1/2009-01-14
> However, the actual file is stored in the
> /disk3/cookie_logs/pid1/2009-01-15
> It can be seen, in fact, syslog-ng configuration item file() use the
> $DAY and template() use the $DAY not with a identical Macros. Is this
> the syslog-ng a bug? or I configuration errors. Who can help me answer
> you?Thanks!