Hello list,

We have a central syslog server that we would like to record both the timestamp sent by the client and the receipt timestamp. In other words, a keep_timestamp(yes and no) option. Ideas?

-Jay

--
Jack (Jay) E. Krous III
Computer Protection Program
Lawrence Berkeley National Laboratory
http://www.lbl.gov/~jekrous/pgp.txt
(510) 495-2522

> We have a central syslog server that we would like to record both the timestamp sent by the client and the receipt timestamp.
> In other words, a keep_timestamp(yes and no) option.

Just use a template, which uses both the macros R_ISODATE and S_ISODATE (or any other, see http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch08s05.html) and use them in a macro, e.g.:

    template t_both_timestamps {
        template("$R_ISODATE $HOST $S_ISODATE $MSG\n");
        template_escape(no);
    };

Regards,
Peter HÖLTZL

--
BalaBit IT Bizt. Kft    | Tel:   +36 1 371-0540  | GnuPG Fingerprint:
holtzl.peter@balabit.hu | Mobil: +36 20 366-9667 | 2831 E951 B9EE 63BB F0F4
http://www.balabit.hu/  | Fax:   +36 1 208-0875  | 2F4A 1EA4 4B12 7638 29C0

Thanks Peter

While it does print both the sent time and received time, the time zone info is still not correct. Here's what I got using

    template("$R_ISODATE $S_ISODATE $HOST $MSG\n")

    2007-10-29T08:10:21+13:00 2007-10-28T19:12:37+13:00 blah blah

Am I misunderstanding what the source time_zone option is meant to do?

    source s_net { udp(port(514) time_zone(-01:00)); };

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of HÖLTZL Péter
Sent: Friday, 26 October 2007 10:55 p.m.
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] timestamps

> We have a central syslog server that we would like to record both the timestamp sent by the client and the receipt timestamp.
> In other words, a keep_timestamp(yes and no) option.

Just use a template, which uses both the macros R_ISODATE and S_ISODATE (or any other, see http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch08s05.html) and use them in a macro, e.g.:

    template t_both_timestamps {
        template("$R_ISODATE $HOST $S_ISODATE $MSG\n");
        template_escape(no);
    };

Regards,
Peter HÖLTZL

--
BalaBit IT Bizt. Kft    | Tel:   +36 1 371-0540  | GnuPG Fingerprint:
holtzl.peter@balabit.hu | Mobil: +36 20 366-9667 | 2831 E951 B9EE 63BB F0F4
http://www.balabit.hu/  | Fax:   +36 1 208-0875  | 2F4A 1EA4 4B12 7638 29C0

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
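
An added example, not part of the original thread and not syslog-ng code: once both stamps are logged in the "$R_ISODATE $S_ISODATE $HOST $MSG" layout from the thread, the gap between them can be split into a whole quarter-hour part (what a wrongly assumed time zone would contribute) and a remainder (clock drift plus transit). The function names, the five-minute threshold and the second and third sample lines are assumptions made for this example.

```python
from datetime import datetime, timedelta

QUARTER = 15 * 60  # UTC offsets in use are whole multiples of 15 minutes

# The output line quoted in the thread, then two constructed lines.
SAMPLE = [
    "2007-10-29T08:10:21+13:00 2007-10-28T19:12:37+13:00 blah blah",
    "2007-10-29T08:10:21+13:00 2007-10-28T20:10:19+01:00 web1 sshd[411]: session opened",
    "2007-10-29T08:10:21+13:00 2007-10-29T08:04:21+13:00 db1 cron[90]: job started",
]

def parse_line(line):
    """Split a '$R_ISODATE $S_ISODATE $HOST $MSG' line into typed fields."""
    r_iso, s_iso, host, msg = line.rstrip("\n").split(" ", 3)
    return datetime.fromisoformat(r_iso), datetime.fromisoformat(s_iso), host, msg

def split_skew(received, sent):
    """Split received - sent into the nearest whole quarter-hour (heuristic:
    a time zone misread) and the remainder (drift plus transit)."""
    total = round((received - sent).total_seconds())
    zone = QUARTER * round(total / QUARTER)
    return timedelta(seconds=zone), timedelta(seconds=total - zone)

def audit(lines, max_residual=timedelta(minutes=5)):
    """Return (host, finding, value) tuples for lines whose stamps disagree."""
    findings = []
    for line in lines:
        try:
            received, sent, host, _ = parse_line(line)
            zone, residual = split_skew(received, sent)
        except (ValueError, TypeError):  # short line, bad stamp, or missing offset
            findings.append(("?", "unparseable", line.strip()))
            continue
        if zone:
            findings.append((host, "zone-mismatch", zone))
        if abs(residual) > max_residual:
            findings.append((host, "clock-drift", residual))
    return findings

if __name__ == "__main__":
    for host, finding, value in audit(SAMPLE):
        print(host, finding, value)
```

For the line quoted in the thread, the two stamps are 12:57:44 apart, which the split reports as a 13:00 zone part and a remainder of -136 seconds; the second sample line shows that stamps carrying different but correct offsets produce no finding.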