Hi,

I configured a syslog-ng server and several clients for testing and it is working great, my only problem is with the timestamp() option. We have a lot of computers in different time zones and I would like to set up the system to keep the messages' time stamps. Here is the config for the syslog-ng server:

options {
    flush_lines(5);
    flush_timeout(1000);
    time_reopen(10);
    log_fifo_size(1000);
    long_hostnames(off);
    use_dns(yes);
    dns_cache_hosts(/etc/hosts);
    use_fqdn(no);
    create_dirs(yes);
    dir_perm(0700);
    keep_hostname(yes);
    keep_timestamp(yes);
    stats_freq(0);
};

Is there something else that I have to do with this?

Thanks for your help!

Tamas
Hi,

general description about timezone in syslog-ng:

* If there is no timezone information in the incoming message, syslog-ng will assign the local timezone for the message by default
* The default timezone can be overridden using the global recv_time_zone() or source specific time_zone() option
* If the incoming message contains timezone information, syslog-ng will use it as timezone

Because the BSD syslog protocol does not contain timezone information in the timestamp by default (example for BSD timestamp: Jan 1 14:45:22), if your client sends BSD style messages, syslog-ng will use the local timezone. There are two possible solutions:

* you can override the default timezone using the above options (time_zone(), recv_time_zone())
* you can change the default timestamp type for the sent messages in the clients. To change it, use the 'ts_format("iso")' option in every client configuration; after changing, syslog-ng will use an extended timestamp for BSD messages (e.g.: 2011-03-24T15:13:45+01:00).

Also, there is a third solution: you can use the syslog protocol (RFC 5424) instead of BSD. In this case you can use syslog() sources on the server and syslog() destinations on the clients; the default timestamp for the syslog protocol is ISO date.

On 2011-06-02 16:37, Tamas Szklenar wrote:
> Hi,
>
> I configured a syslog-ng server and several clients for testing and it is working great, my only problem is with the timestamp() option. We have a lot of computers in different time zones and I would like to set up the system to keep the messages' time stamps. Here is the config for the syslog-ng server:
>
> options { flush_lines(5); flush_timeout(1000); time_reopen(10); log_fifo_size(1000); long_hostnames(off); use_dns(yes); dns_cache_hosts(/etc/hosts); use_fqdn(no); create_dirs(yes); dir_perm(0700); keep_hostname(yes); keep_timestamp(yes); stats_freq(0); };
>
> Is there something else that I have to do with this?
>
> Thanks for your help!
>
> Tamas
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
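
The timezone rules in the reply above matter whenever logs from several zones are merged into one timeline. The following is an added example, not part of the thread and not syslog-ng code: a small Python model of the three rules, showing how far a BSD timestamp drifts from the real event time when the receiver falls back to its own zone. The function names, the offsets and the sample timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def resolve_timestamp(raw, receiver_tz, source_tz=None, year=2011):
    """Model of the receiver-side rules from the reply (hypothetical helper).

    Returns (aware datetime, which rule supplied the zone).
    """
    try:
        # ISO style, e.g. 2011-03-24T15:13:45+01:00 (ts_format("iso") or RFC 5424)
        stamp = datetime.fromisoformat(raw)
    except ValueError:
        # BSD style, e.g. "Mar 24 15:13:45": no year and no zone on the wire
        stamp = datetime.strptime(f"{year} {raw}", "%Y %b %d %H:%M:%S")
    if stamp.tzinfo is not None:
        return stamp, "message"                  # zone carried in the message wins
    if source_tz is not None:
        return stamp.replace(tzinfo=source_tz), "source override"  # time_zone()
    return stamp.replace(tzinfo=receiver_tz), "receiver default"   # local zone

def utc_error_hours(resolved, true_utc):
    """Hours between the stored instant and the instant the event happened."""
    return (resolved - true_utc).total_seconds() / 3600

# Constructed scenario: server at UTC+1, client at UTC-5, one event.
SERVER_TZ = timezone(timedelta(hours=1))
CLIENT_TZ = timezone(timedelta(hours=-5))
TRUE_EVENT = datetime(2011, 3, 24, 14, 13, 45, tzinfo=timezone.utc)
BSD_LINE = "Mar 24 09:13:45"            # client wall clock, zone lost in transit
ISO_LINE = "2011-03-24T09:13:45-05:00"  # same instant with the offset kept

def run_cases():
    cases = {
        "bsd, no override": resolve_timestamp(BSD_LINE, SERVER_TZ),
        "bsd, source time_zone": resolve_timestamp(BSD_LINE, SERVER_TZ, CLIENT_TZ),
        "iso from client": resolve_timestamp(ISO_LINE, SERVER_TZ),
    }
    return {name: (rule, utc_error_hours(ts, TRUE_EVENT))
            for name, (ts, rule) in cases.items()}

if __name__ == "__main__":
    for name, (rule, err) in run_cases().items():
        print(f"{name:24} zone from {rule:17} error {err:+.0f} h")
```

In this scenario the unmodified BSD message is stored six hours early, while the source override and the ISO timestamp both land on the true instant.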
Dear Zoltan,

Thank you for your help! I totally forgot to configure the time zones on our computers. I will try one solution soon...

Tamas
participants (2): Tamas Szklenar, Zoltán Pallagi