Hello,
I am having trouble using the timestamp formatter.
The document says I can use ts_format() as rfc3164, bsd, rfc3339, or iso.
I've tried multiple values and have gotten the same result.
I've tried putting the ts_format(rfc3339) in the global options and in the destination's syslog() and have gotten the same result.
My test logs show the following no matter what ts_format I set:
<113>1 2014-11-25T11:00:00+00:00 10.1.1.1 RedBox -
I want it to look like the following:
<113>1 2014-11-25T11:00:00.000Z 10.1.1.1 RedBox -
Am I missing something?
Thanks,
Jimmy Ou
This seems like an rfc5424 style message, e.g. the syslog driver. There the format of the timestamp is defined by the rfc and cannot be overridden.
If you want to customize the format on the network, you should be using the network() driver (used to be called tcp() in older versions); there you can override the message format with the template() parameter.
ts_format() only controls formatting of file destinations in case a template is not present or when you explicitly use the $STAMP macro.
On Mar 27, 2014 6:46 PM, "Ou, Jimmy" <Jimmy.Ou@viasat.com> wrote:
Hello,
I am having trouble using the timestamp formatter.
The document says I can use ts_format() as rfc3164, bsd, rfc3339, or iso.
I've tried multiple values and have gotten the same result.
I've tried putting the ts_format(rfc3339) in the global options and in the destination's syslog() and have gotten the same result.
My test logs show the following no matter what ts_format I set:
<113>1 2014-11-25T11:00:00+00:00 10.1.1.1 RedBox -
I want it to look like the following:
<113>1 2014-11-25T11:00:00.000Z 10.1.1.1 RedBox -
Am I missing something?
Thanks,
Jimmy Ou
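The configuration change described in the reply, written out as an added example (not part of either message and not taken from the syslog-ng documentation). The destination names, the 192.0.2.10 address, the ports, the source definition and the literal "-" placeholders for PROCID, MSGID and structured data are assumptions made for illustration.

```conf
# Constructed example fragment; names, address and ports are placeholders.

source s_local { system(); internal(); };

# Before: the syslog() driver emits RFC 5424 messages. Per the reply above,
# the timestamp format is fixed by the protocol, so ts_format() here does
# not change what goes on the wire (still ...T11:00:00+00:00).
destination d_rfc5424 {
    syslog("192.0.2.10"
        transport("tcp")
        port(601)
        ts_format(rfc3339)
    );
};

# After: the network() driver accepts template(), so the whole line is
# built by hand. time_zone("UTC") makes the date macros render in UTC,
# which is what justifies the literal "Z" suffix; ${MSEC} supplies the
# three fractional digits.
destination d_custom_ts {
    network("192.0.2.10"
        transport("tcp")
        port(514)
        time_zone("UTC")
        template("<${PRI}>1 ${YEAR}-${MONTH}-${DAY}T${HOUR}:${MIN}:${SEC}.${MSEC}Z ${HOST} ${PROGRAM} - - - ${MSG}\n")
    );
};

log { source(s_local); destination(d_custom_ts); };
```

With network() the messages are newline-delimited rather than framed the way the syslog() driver frames them, so the receiving collector has to be configured to expect that, otherwise events can be split or merged on ingest.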
participants (2): Balazs Scheidler; Ou, Jimmy