Hi, I have a system configured to microseconds logging, but for most of entries it's always zero - actually the only program which logs it correctly is the syslog-ng itself. @1386239689.000000 13 blah @1386239859.947724 45 syslog-ng shutting down; version='3.5.2' @1386239860.304194 45 syslog-ng starting up; version='3.5.2' @1386239860.337325 45 EOF on control channel, closing connection; @1386239865.000000 13 blah Anyone have an idea what I'm doing wrong? Here's the config: destination d_mydest{ program("/somepath" template("@${UNIXTIME:--}\t${PRI:--}\t${MSGONLY}\n") flags(no_multi_line) flush_timeout(100) frac_digits(6) ); }; ______________________________________________________________ Clayton Dukes ______________________________________________________________
Most likely the incoming log simply doesn't contain a high-res timestamp. You're using UNIXTIME (which is M_UNIXTIME unless keep_timestamp is set to no) so it is read from the log header. Instead of M_ macros you could use the timestamp when the message was received (R_ macros) or those which refer to the actual time when syslog-ng delivers a log (C_ macros). On Fri, Dec 6, 2013 at 8:30 AM, Clayton Dukes <cdukes@gmail.com> wrote:
Hi, I have a system configured to microseconds logging, but for most of entries it's always zero - actually the only program which logs it correctly is the syslog-ng itself.
@1386239689.000000 13 blah
@1386239859.947724 45 syslog-ng shutting down; version='3.5.2'
@1386239860.304194 45 syslog-ng starting up; version='3.5.2'
@1386239860.337325 45 EOF on control channel, closing connection;
@1386239865.000000 13 blah
Anyone have an idea what I'm doing wrong?
Here's the config:
destination d_mydest{
program("/somepath"
template("@${UNIXTIME:--}\t${PRI:--}\t${MSGONLY}\n")
flags(no_multi_line)
flush_timeout(100)
frac_digits(6)
);
};
______________________________________________________________
Clayton Dukes ______________________________________________________________
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Man, I knew that - sorry I missed it! (and normally, I do use the R_ macro, I just missed it in this user's example that was sent to me) Thanks for the response :-) ______________________________________________________________ Clayton Dukes ______________________________________________________________ On Fri, Dec 6, 2013 at 5:07 AM, Sandor Geller < Sandor.Geller@morganstanley.com> wrote:
Most likely the incoming log simply doesn't contain a high-res timestamp. You're using UNIXTIME (which is M_UNIXTIME unless keep_timestamp is set to no) so it is read from the log header. Instead of M_ macros you could use the timestamp when the message was received (R_ macros) or those which refer to the actual time when syslog-ng delivers a log (C_ macros).
On Fri, Dec 6, 2013 at 8:30 AM, Clayton Dukes <cdukes@gmail.com> wrote:
Hi, I have a system configured to microseconds logging, but for most of entries it's always zero - actually the only program which logs it correctly is the syslog-ng itself.
@1386239689.000000 13 blah
@1386239859.947724 45 syslog-ng shutting down; version='3.5.2'
@1386239860.304194 45 syslog-ng starting up; version='3.5.2'
@1386239860.337325 45 EOF on control channel, closing connection;
@1386239865.000000 13 blah
Anyone have an idea what I'm doing wrong?
Here's the config:
destination d_mydest{
program("/somepath"
template("@${UNIXTIME:--}\t${PRI:--}\t${MSGONLY}\n")
flags(no_multi_line)
flush_timeout(100)
frac_digits(6)
);
};
______________________________________________________________
Clayton Dukes ______________________________________________________________
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (2)
-
Clayton Dukes
-
Sandor Geller