Hello, I have syslog-ng OSE 3.8 on debian 9 server (soon to be upgraded). when I receive syslog lines using the syslog protocol, I found out that C_* macros seem to contain date in UTC format (one hour than our current zone). I have tried to use following template: "${C_DATE} ${R_DATE} HOST ${HOST} FULLHOST ${FULLHOST} HOST_FROM ${HOST_FROM} FULLHOST_FROM ${FULLHOST_FROM} ${MESSAGE}\n" with following result: Jan 31 10:42:06 Jan 31 11:42:07 HOST fantomas FULLHOST fantomas HOST_FROM 195.80.174.185 FULLHOST_FROM 195.80.174.185 Configuration reload request received, reloading configuration; Is there any reason why C_DATE should be in different time zone than R_DATE? timezones are not configured on either of servers, both servers are in CET (DST+1) thank you -- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Fighting for peace is like fucking for virginity...
Hello, I have tried to RTFS but no success. are C_ dates in UTC or should they be? On 31.01.20 13:34, Matus UHLAR - fantomas wrote:
I have syslog-ng OSE 3.8 on debian 9 server (soon to be upgraded).
when I receive syslog lines using the syslog protocol, I found out that C_* macros seem to contain date in UTC format (one hour than our current zone).
I have tried to use following template:
"${C_DATE} ${R_DATE} HOST ${HOST} FULLHOST ${FULLHOST} HOST_FROM ${HOST_FROM} FULLHOST_FROM ${FULLHOST_FROM} ${MESSAGE}\n"
with following result:
Jan 31 10:42:06 Jan 31 11:42:07 HOST fantomas FULLHOST fantomas HOST_FROM 195.80.174.185 FULLHOST_FROM 195.80.174.185 Configuration reload request received, reloading configuration;
Is there any reason why C_DATE should be in different time zone than R_DATE? timezones are not configured on either of servers, both servers are in CET (DST+1)
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 99 percent of lawyers give the rest a bad name.
Hi Matus, C_ macros should handle time-zones (at least on a fresh version). I will check it on 3.8 soon. Regards, Attila ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Matus UHLAR - fantomas <uhlar@fantomas.sk> Sent: Tuesday, February 4, 2020 2:38 PM To: syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu> Subject: [syslog-ng] UTC in C_ macros? CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Hello, I have tried to RTFS but no success. are C_ dates in UTC or should they be? On 31.01.20 13:34, Matus UHLAR - fantomas wrote:
I have syslog-ng OSE 3.8 on debian 9 server (soon to be upgraded).
when I receive syslog lines using the syslog protocol, I found out that C_* macros seem to contain date in UTC format (one hour than our current zone).
I have tried to use following template:
"${C_DATE} ${R_DATE} HOST ${HOST} FULLHOST ${FULLHOST} HOST_FROM ${HOST_FROM} FULLHOST_FROM ${FULLHOST_FROM} ${MESSAGE}\n"
with following result:
Jan 31 10:42:06 Jan 31 11:42:07 HOST fantomas FULLHOST fantomas HOST_FROM 195.80.174.185 FULLHOST_FROM 195.80.174.185 Configuration reload request received, reloading configuration;
Is there any reason why C_DATE should be in different time zone than R_DATE? timezones are not configured on either of servers, both servers are in CET (DST+1)
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C3efb1d3651ee47a184c808d7a9777bff%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637164202984527642&sdata=%2F0rasfGDvvua7Z7Nbgwfj4naS21z6Y6ZaH%2B8%2FztY%2BxQ%3D&reserved=0 Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 99 percent of lawyers give the rest a bad name. ______________________________________________________________________________ Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C3efb1d3651ee47a184c808d7a9777bff%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637164202984527642&sdata=8yKSgI7JWIMVHPXz2wf%2Fc2YmT1NEyJ7bxGDKYyu2LBo%3D&reserved=0 Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C3efb1d3651ee47a184c808d7a9777bff%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637164202984527642&sdata=Nq96M%2BWi0PYjji7qkO%2Ft2NilOcdZVccankfdxGFRzQ4%3D&reserved=0 FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C3efb1d3651ee47a184c808d7a9777bff%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637164202984527642&sdata=F8m1Bv%2F2SVHYJxt4BRld3XUcsEHHff4H5s9%2FgdHWwuI%3D&reserved=0
I can observe the same behavior as you, on 3.8. It was fixed in 3.20 with https://github.com/syslog-ng/syslog-ng/commit/f65528392071a65c1962046607e921... Regards, Attila ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com> Sent: Tuesday, February 4, 2020 3:19 PM To: Matus UHLAR - fantomas <uhlar@fantomas.sk>; syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] UTC in C_ macros? CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Hi Matus, C_ macros should handle time-zones (at least on a fresh version). I will check it on 3.8 soon. Regards, Attila ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Matus UHLAR - fantomas <uhlar@fantomas.sk> Sent: Tuesday, February 4, 2020 2:38 PM To: syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu> Subject: [syslog-ng] UTC in C_ macros? CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Hello, I have tried to RTFS but no success. are C_ dates in UTC or should they be? On 31.01.20 13:34, Matus UHLAR - fantomas wrote:
I have syslog-ng OSE 3.8 on debian 9 server (soon to be upgraded).
when I receive syslog lines using the syslog protocol, I found out that C_* macros seem to contain date in UTC format (one hour than our current zone).
I have tried to use following template:
"${C_DATE} ${R_DATE} HOST ${HOST} FULLHOST ${FULLHOST} HOST_FROM ${HOST_FROM} FULLHOST_FROM ${FULLHOST_FROM} ${MESSAGE}\n"
with following result:
Jan 31 10:42:06 Jan 31 11:42:07 HOST fantomas FULLHOST fantomas HOST_FROM 195.80.174.185 FULLHOST_FROM 195.80.174.185 Configuration reload request received, reloading configuration;
Is there any reason why C_DATE should be in different time zone than R_DATE? timezones are not configured on either of servers, both servers are in CET (DST+1)
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C3efb1d3651ee47a184c808d7a9777bff%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637164202984527642&sdata=%2F0rasfGDvvua7Z7Nbgwfj4naS21z6Y6ZaH%2B8%2FztY%2BxQ%3D&reserved=0<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C1a0bf510d5c841bddbc408d7a97d34e2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637164227532477607&sdata=4jhe1EeZ2Wo0j0HNHWmecmd%2B2yI8CJndwqDHYU2Cfks%3D&reserved=0> Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 99 percent of lawyers give the rest a bad name. ______________________________________________________________________________ Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C3efb1d3651ee47a184c808d7a9777bff%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637164202984527642&sdata=8yKSgI7JWIMVHPXz2wf%2Fc2YmT1NEyJ7bxGDKYyu2LBo%3D&reserved=0<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C1a0bf510d5c841bddbc408d7a97d34e2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637164227532487601&sdata=c6D8ypQ%2F6AqFsjxWo%2BE7ncIdCtjduudbGVznTdNFj5w%3D&reserved=0> Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C3efb1d3651ee47a184c808d7a9777bff%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637164202984527642&sdata=Nq96M%2BWi0PYjji7qkO%2Ft2NilOcdZVccankfdxGFRzQ4%3D&reserved=0<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C1a0bf510d5c841bddbc408d7a97d34e2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637164227532497598&sdata=LwsWR9s2p5PEAMnLdvAbNn%2BUwD1n%2B8vVdhhHrPo4ZUE%3D&reserved=0> FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C3efb1d3651ee47a184c808d7a9777bff%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637164202984527642&sdata=F8m1Bv%2F2SVHYJxt4BRld3XUcsEHHff4H5s9%2FgdHWwuI%3D&reserved=0<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C1a0bf510d5c841bddbc408d7a97d34e2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637164227532497598&sdata=pfq6vytqysnksPz3ETZKf08GC3%2F%2FvlsCPv2zz69h3EU%3D&reserved=0>
On 04.02.20 14:41, Attila Szakacs (aszakacs) wrote:
I can observe the same behavior as you, on 3.8. It was fixed in 3.20 with https://github.com/syslog-ng/syslog-ng/commit/f65528392071a65c1962046607e921...
Thank you, now I know it's a bug (not on my side). I will use R_ macros for now (should not cause much troubles, if any)
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Matus UHLAR - fantomas <uhlar@fantomas.sk> Sent: Tuesday, February 4, 2020 2:38 PM To: syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu> Subject: [syslog-ng] UTC in C_ macros?
Hello,
I have tried to RTFS but no success. are C_ dates in UTC or should they be?
On 31.01.20 13:34, Matus UHLAR - fantomas wrote:
I have syslog-ng OSE 3.8 on debian 9 server (soon to be upgraded).
when I receive syslog lines using the syslog protocol, I found out that C_* macros seem to contain date in UTC format (one hour than our current zone).
I have tried to use following template:
"${C_DATE} ${R_DATE} HOST ${HOST} FULLHOST ${FULLHOST} HOST_FROM ${HOST_FROM} FULLHOST_FROM ${FULLHOST_FROM} ${MESSAGE}\n"
with following result:
Jan 31 10:42:06 Jan 31 11:42:07 HOST fantomas FULLHOST fantomas HOST_FROM 195.80.174.185 FULLHOST_FROM 195.80.174.185 Configuration reload request received, reloading configuration;
Is there any reason why C_DATE should be in different time zone than R_DATE? timezones are not configured on either of servers, both servers are in CET (DST+1)
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Despite the cost of living, have you noticed how popular it remains?
participants (2)
-
Attila Szakacs (aszakacs)
-
Matus UHLAR - fantomas