[syslog-ng]use_time_recvd(no) not working?
Michael Renner
m.renner@inode.at
Fri, 08 Mar 2002 15:09:29 +0100
At 09:36 08.03.2002 +0100, you wrote:
> > a) do you have any tips on tracking down the problem with the broken
> > pam-timestamps?
> > b) is the use_time_recvd() option broken/non-existant in 1.5.14 ?
>
>it exists, but only affects macro expansion. the timestamp in the message
>itself is never touched unless you use template output files like this:
>
>destination d_file { file("/var/log/messages" template("$DATE_RECVD $HOST
>$MSG\n")); };
$DATE_RECVD doesn't seem to be the correct variable to expand the local
timestamp, when using it i get log entries like this:
Mar 8 13:59:50_RECVD hp.priv.inode.at printer: peripheral low-power state
Btw. are the timestamps of the syslog-messages when they get processed
through syslogd/syslog-ng and sent over the network already in a
human-readable format or something like the unix timestamp? If they're
already in a human readable format maybe syslog-ng gets confused by the
umlaut "ä" in the log message and can't translate "Mär" (März) to March,
causing the wrong Date (31.12.2001)
Example message:
Mär 8 13:31:36 backup.priv.inode.at PAM-unix2[32226]: session finished for
user root, service su
best regards
--
Renner Michael
Junior System Engineer
Inode Telekommunikationsdienstleistungs GmbH - http://www.inode.at
support@inode.at, Tel.: 05 9999-0, Fax.: 05 9999-2699