I'm using syslog-ng as a syslogd replacement for a centralized log server. I'm also monitoring the logs using swatch. One of the options for swatch is to throttle messages that are repeating over a period of time.

The problem I'm having is that I have servers over many different timezones logging to the log server. This seems to confuse swatch since it can't tell which machine is in which timezone. After reading the docs for syslog-ng, use_time_recvd() seemed like the perfect option. However, after putting it in my options, the output doesn't change.

Am I doing something wrong or is there a problem with this feature?

from my /etc/syslog-ng/syslog-ng.conf

options { sync(0); time_reopen(10); log_fifo_size(100); use_time_recvd(yes); };

Thanks,
- Jon
===============================================================
Jon Bidinger
Email: jpb@fairisaac.com
You know it seems like there should be an option to put a local timestamp into the local log with the LOCAL TIME every time a remote instance is logged that is significantly off the local timebase --- otherwise do it all in UTC so that everything will not need to be timezone converted in the audit tools.

Todd

----- Original Message -----
From: "Jon Bidinger" <JonBidinger@fairisaac.com>
To: <syslog-ng@lists.balabit.hu>
Sent: Thursday, October 25, 2001 2:29 PM
Subject: [syslog-ng]syslog-ng 1.5.12 and use_time_recvd()
I'm using syslog-ng as a syslogd replacement for a centralized log server. I'm also monitoring the logs using swatch. One of the options for swatch is to throttle messages that are repeating over a period of time.
The problem I'm having is that I have servers over many different timezones logging to the log server. This seems to confuse swatch since it can't tell which machine is in which timezone. After reading the docs for syslog-ng, use_time_recvd() seemed like the perfect option. However, after putting it in my options, the output doesn't change.
Am I doing something wrong or is there a problem with this feature?
from my /etc/syslog-ng/syslog-ng.conf
options { sync(0); time_reopen(10); log_fifo_size(100); use_time_recvd(yes); };
Thanks,
- Jon
===============================================================
Jon Bidinger
Email: jpb@fairisaac.com
On Thu, Oct 25, 2001 at 02:29:34PM -0700, Jon Bidinger wrote:
> use_time_recvd() seemed like the perfect option. However, after putting it in my options, the output doesn't change.
> Am I doing something wrong or is there a problem with this feature?
> use_time_recvd(yes);

use_time_recvd() affects the macros in filenames & templates.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
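
An added illustration of the reply above (not from the thread or the syslog-ng project): the option only shows an effect once a destination uses time macros in its file name or template(). The options block is the one Jon posted; the names s_net and d_central, the log path and the template layout are assumptions, as is the availability of these macros in this release.

```conf
# Added example, not from the thread. s_net, d_central, the log path and the
# template layout are assumed for illustration.
options {
    sync(0);
    time_reopen(10);
    log_fifo_size(100);
    use_time_recvd(yes);    # time macros expand to the time the log server received the message
};

source s_net { udp(); };

# Before: no macros in the file name and no template, so, per the reply,
# use_time_recvd() has nothing to act on and the output looks unchanged.
# destination d_central { file("/var/log/central/messages"); };

# After: $YEAR/$MONTH/$DAY in the file name and $DATE in the template are
# macros, so they follow the central server's clock rather than each sender's.
destination d_central {
    file("/var/log/central/$YEAR$MONTH$DAY/messages"
         template("$DATE $HOST $MSG\n")
         create_dirs(yes));
};

log { source(s_net); destination(d_central); };
```

With every line stamped from one clock, a tool such as swatch sees a single consistent timebase regardless of the sender's timezone.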
participants (3): Balazs Scheidler, Jon Bidinger, todd glassey