Convert UTC to local time zone using syslog-ng
Hi I receive syslog from remote note with timezone set as UTC. I need to convert these timestamp to local time zone Can some one suggest how can i achive it. Regards Pramod
Hi, you can specify the timezone in the destination driver using the time_zone() parameter. Regards, Robert On Thursday, March 24, 2011 15:29 CET, Pramod Pillai <pramodpillaip@gmail.com> wrote:
Hi
I receive syslog from remote note with timezone set as UTC. I need to convert these timestamp to local time zone Can some one suggest how can i achive it.
Regards Pramod ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Hi Robert Is there any way to set the timezone on the fly. Since the syslog-ng server can be installed in multiple locations( around the globe) , I can't hard code it to a specific timezone. Regards Pramod On Fri, Mar 25, 2011 at 12:46 AM, Fekete Róbert <frobert@balabit.hu> wrote:
Hi,
you can specify the timezone in the destination driver using the time_zone() parameter.
Regards,
Robert
On Thursday, March 24, 2011 15:29 CET, Pramod Pillai <pramodpillaip@gmail.com> wrote:
Hi
I receive syslog from remote note with timezone set as UTC. I need to convert these timestamp to local time zone Can some one suggest how can i achive it.
Regards Pramod ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Hi, AFAIK, if you use the time_zone() parameter in the destination of your server (where you write all the incoming messages to files/etc), it should convert every timestamp to the specified timezone. Regards, Robert On 03/26/2011 08:17 PM, Pramod Pillai wrote:
Hi Robert
Is there any way to set the timezone on the fly. Since the syslog-ng server can be installed in multiple locations( around the globe) , I can't hard code it to a specific timezone.
Regards Pramod
On Fri, Mar 25, 2011 at 12:46 AM, Fekete Róbert<frobert@balabit.hu> wrote:
Hi,
you can specify the timezone in the destination driver using the time_zone() parameter.
Regards,
Robert
On Thursday, March 24, 2011 15:29 CET, Pramod Pillai<pramodpillaip@gmail.com> wrote:
Hi
I receive syslog from remote note with timezone set as UTC. I need to convert these timestamp to local time zone Can some one suggest how can i achive it.
Regards Pramod ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
On Sun, 2011-03-27 at 00:47 +0530, Pramod Pillai wrote:
Hi Robert
Is there any way to set the timezone on the fly. Since the syslog-ng server can be installed in multiple locations( around the globe) , I can't hard code it to a specific timezone.
In order to set up proper timezone conversions, syslog-ng needs to know 2 things: 1) the timezone received messages are coming from 2) the timezone you want the messages to be converted to If either of these two is invalid, you get bogus results. The source timezone for source messages might be specified by the sender (syslog-ng can do this if ISO timestamps are being used, but legacy syslogds cannot) If your incoming messages lack timezone information, you can still specify that for your source driver: source xxx { udp(time_zone("UTC")); }; This will assign UTC to all messages that lack the timezone information (and will not touch those which do have). Next step, is that you can specify the timezone for each of your destinations: destination ddd { file("/var/log/messages" time_zone("Europe/Budapest")); }; Without the destination part, syslog-ng will keep the timezone as it originally was (without conversion). If you choose to do this, it'd possibly make sense to add the identified timezone to the files using $ISODATE, or by setting ts_format("iso"). -- Bazsi
Hi Bazsi The syslog-ng will be installed on different timezone. And hence I cannot hard code the value to a single time zone. I need to either read it from file or from a solaris environment variable. How I can achive it. Configuration line like the one mentioned bbelow won't help. destination ddd { file("/var/log/messages" time_zone("Europe/Budapest")); }; Regards Pramod 2011/3/28 Balazs Scheidler <bazsi@balabit.hu>:
On Sun, 2011-03-27 at 00:47 +0530, Pramod Pillai wrote:
Hi Robert
Is there any way to set the timezone on the fly. Since the syslog-ng server can be installed in multiple locations( around the globe) , I can't hard code it to a specific timezone.
In order to set up proper timezone conversions, syslog-ng needs to know 2 things:
1) the timezone received messages are coming from 2) the timezone you want the messages to be converted to
If either of these two is invalid, you get bogus results. The source timezone for source messages might be specified by the sender (syslog-ng can do this if ISO timestamps are being used, but legacy syslogds cannot) If your incoming messages lack timezone information, you can still specify that for your source driver:
source xxx { udp(time_zone("UTC")); };
This will assign UTC to all messages that lack the timezone information (and will not touch those which do have).
Next step, is that you can specify the timezone for each of your destinations:
destination ddd { file("/var/log/messages" time_zone("Europe/Budapest")); };
Without the destination part, syslog-ng will keep the timezone as it originally was (without conversion). If you choose to do this, it'd possibly make sense to add the identified timezone to the files using $ISODATE, or by setting ts_format("iso").
-- Bazsi
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
participants (4)
-
Balazs Scheidler
-
Fekete Robert
-
Fekete Róbert
-
Pramod Pillai