[syslog-ng]apache logs, again

Balazs Scheidler bazsi@balabit.hu
Tue, 8 Oct 2002 15:53:18 +0200

On Tue, Oct 08, 2002 at 10:41:37AM -0300, Andreas Hasenack wrote:
> Ok, I'm using the tail | logger thing and it sort of works. But there is
> a problem: date/time. I get entries like this in mysql:
> (long line below, sorry)
> 714 machine local4 info 2001-12-31 00:00:00 apache: - - [07/Oct/2002:17:43:41 -0300] "POST /syslog/results.php HTTP/1.1" 200 700
> Of course, only the date/time of the entry itself (msg field) is correct. Logger
> doesn't seem to add date/time info to the logs it sends. Any clever way around
> this?
> Is this a logger bug?

I assume you are using templates to format the time field above
(2001-12-31), try using 

1) use_time_recvd(), or
2) the time macros beginning with R_ (meaning received stamp),


this inserts the date the message was received instead of the stamp in the
message itself. I'd be curious how 2001-12-31 was generated. If no timestamp
is included in the message, syslog-ng substitutes the current date (same as
received stamp)

PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1