[syslog-ng]use_time_recvd(no) not working?

Nicholas Berry nberry@ragingwire.com
Fri, 8 Mar 2002 09:05:49 -0800 

I have emailed a problem I've had a couple times, but I was playing around with the template() feature and found a little more preciously what the problem may be.

With template() defined as template("$DATE $HOST $MSG\n"), this is the output I receive:
 Mar  8 16:32:29 smf-jumpstart   A á     A á<149>Mar  8 16:32:29 sudo: [ID 850335
  local2.notice]   nberry : TTY=pts/1 ; PWD=/export/home/nberry ; USER=root ; COM
  MAND=/usr/ucb/whoami

With template() defined as template("$MSG\n"), this is the output I receive:
 <149>Mar  8 16:40:15 sudo: [ID 850335 local2.notice]   nberry : TTY=pts/1 ; PWD=/export/home/nberry ; USER=root ; 
  COMMAND=/usr/ucb/whoami

The examples were from a Solaris 8 host using its default syslog daemon, but I have similar issues on *all* other syslog reporting devices (routers, modem banks, etc.)

One thing that seems to be consistent between all syslog reporting devices is <X>.  Is this some sort of reference that syslogd uses?  Can I filter this out? Or will it cause a problem?  Also, in the first example "   A á     A á" is another commonality between hosts.  What is the default template() used?

I've seen reference to use of "$DATE_RECVD" as an acceptable macro, but I don't see this listed in the documentation.  Is there a document set with these new available macros?

Nicholas Berry 
Systems Engineer 
RagingWire Telecommunications, Inc. 
2710 Gateway Oaks Dr., Suite 300 South 
Sacramento, CA 95833 
Phone: 916.286.4048 
Fax: 916.921.4148 
E-mail: nberry@ragingwire.com 
www.ragingwire.com 


-----Original Message-----
From: Balazs Scheidler [mailto:bazsi@balabit.hu] 
Sent: Friday, March 08, 2002 12:37 AM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]use_time_recvd(no) not working?


> a) do you have any tips on tracking down the problem with the broken
> pam-timestamps?
> b) is the use_time_recvd() option broken/non-existant in 1.5.14 ?

it exists, but only affects macro expansion. the timestamp in the message itself is never touched unless you use template output files like this:

destination d_file { file("/var/log/messages" template("$DATE_RECVD $HOST $MSG\n")); };

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng