Hello, Something strange is happening. At the first of the month I have logs that create a dir for 2002, one year ago and log breafly for 2002. It seems to be happening at the first of the month and only last breafly. Does anyone know why this is happening? Thanks, Keith
How do you have your destination configured? Are multiple devices logging to this destination? Does only some of the data get put into the off year or is it all of the data during that time period. Daniel M. Edwards Network Specialist A. Duda & Sons, Inc. -----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Keith Olmstead Sent: Wednesday, July 09, 2003 3:50 PM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng]Year off the first of the month Hello, Something strange is happening. At the first of the month I have logs that create a dir for 2002, one year ago and log breafly for 2002. It seems to be happening at the first of the month and only last breafly. Does anyone know why this is happening? Thanks, Keith _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
On Wed, Jul 09, 2003 at 03:50:02PM -0500, Keith Olmstead wrote:
Hello,
Something strange is happening. At the first of the month I have logs that create a dir for 2002, one year ago and log breafly for 2002. It seems to be happening at the first of the month and only last breafly. Does anyone know why this is happening?
this is the code that guesses the current year (as that is not included in the log message): nowtm = localtime(&now); memset(&tm, 0, sizeof(tm)); strptime(lm->date->data, "%b %e %H:%M:%S", &tm); tm.tm_isdst = -1; tm.tm_year = nowtm->tm_year; if (tm.tm_mon > nowtm->tm_mon) tm.tm_year--; lm->stamp = mktime(&tm); that means that if the received month is greater than the local month, the current year is assumed to be the previous year. The reason for this is to cover the case when messages time stamped with December dates are processed in January. Maybe this 'autodetection' should be changed to require at least two months slip. Try this one: if (tm.tm_mon > nowtm->tm_mon + 1) tm.tm_year--; What do the others think? In any case the reason for this is that you have a sender with incorrect clock. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
I checked the time, they are off by a few seconds and it looks like only a few seconds are getting logged incorrectly. But why is it logging to the previous year? I am logging to a central server, currently about 20 servers are pointed to it. Here is what I have as my options. options { keep_hostname(no); long_hostnames(off); sync(1); log_fifo_size(1024); create_dirs(yes); use_dns(no); }; source src_local { unix-stream("/dev/log"); internal(); }; source src_network { udp(); }; and one of my Destinations: destination messages.network { file("/opt/log/hosts/$HOST/$YEAR/$MONTH/$DAY/messages" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes) ); }; filter f_messages { not facility(authpriv, mail, cron, local2, local4) and level(info, notice, warn, crit, err, alert, emerg,); }; log { source(src_local); filter(f_messages); destination(messages.local); }; Thanks, For the help. --Keith On Wed, 9 Jul 2003, Keith Olmstead wrote: Date: Wed, 9 Jul 2003 15:50:02 -0500 (CDT) From: Keith Olmstead <kolmstea@centurytel.net> Reply-To: syslog-ng@lists.balabit.hu To: syslog-ng@lists.balabit.hu Subject: [syslog-ng]Year off the first of the month Hello, Something strange is happening. At the first of the month I have logs that create a dir for 2002, one year ago and log breafly for 2002. It seems to be happening at the first of the month and only last breafly. Does anyone know why this is happening? Thanks, Keith _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html --
participants (4)
-
Balazs Scheidler
-
Daniel M. Edwards
-
Keith Olmstead
-
kolmsteaï¼ centurytel.net