Thanks to Michael pointing me at the mail archive I now understand that use_time_recvd() only applies to macros used in filename expansion and logformat templates. So to get the behaviour I was expecting, that use_time_recvd(yes) would effect the "default" template, I need to define a template for my destination. Would template("$DATE $HOST $MSG\n") cover it? While looking through the mail archives I saw mention of many other macros, R_DATE, S_DATE etc., which don't appear in the documentation. Do these still exist and if so what do they do? Are they left out of the documentation for a reason? Thanks again, Jonathan -----Original Message----- From: Trapp, Michael [mailto:michael.trapp@sap.com] Sent: 30 June 2004 16:04 To: Hall J D (ISeLS) Cc: 'syslog-ng@lists.balabit.hu' Subject: RE: [syslog-ng]use_time_recvd() not working? hi jonathan, have a look at https://lists.balabit.hu/pipermail/syslog-ng/2002-September/003874.html regards michael -----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Hall J D (ISeLS) Sent: Mittwoch, 30. Juni 2004 16:53 To: syslog-ng@lists.balabit.hu Subject: [syslog-ng]use_time_recvd() not working? Hello all, I've recently installed Syslog-ng 1.6.2 on a FreeBSD 4.9 to act as my new collector and I can't get the use_time_recvd() option to work properly. No matter if I specify use_time_recvd(yes) or use_time_recvd(no) the messages, from a Cisco PIX firewall, are still getting recorded with the time from the message and not the local time. Is this a know issue, or am I doing something really silly? Below are the relevant bits from my config Thanks, Jonathan options { long_hostnames(off); sync(0); use_time_recvd(yes); create_dirs(yes); dir_perm(0750); }; source net { udp(ip(193.63.147.98) port(514)); tcp(ip(193.63.147.98) port(1740) keep-alive(yes)); }; destination fwall { file("/var/log/firewalls/$HOST.$YEAR.$MONTH.$DAY.log" perm(0640)); }; filter f_pixmsg { match("%PIX"); }; filter f_local0 { facility(local0); }; log { source(net); filter(f_local0); filter(f_pixmsg); destination(fwall); };