[syslog-ng]use_time_recvd() not working?
Hall J D (ISeLS)
syslog-ng@lists.balabit.hu
Wed, 30 Jun 2004 15:52:42 +0100
Hello all,

I've recently installed Syslog-ng 1.6.2 on a FreeBSD 4.9 to act as my new collector and I can't get the use_time_recvd() option to work properly.

No matter if I specify use_time_recvd(yes) or use_time_recvd(no) the messages, from a Cisco PIX firewall, are still getting recorded with the time from the message and not the local time.

Is this a known issue, or am I doing something really silly?

Below are the relevant bits from my config

Thanks,
Jonathan

options { long_hostnames(off); sync(0); use_time_recvd(yes);
          create_dirs(yes); dir_perm(0750); };
source net { udp(ip(193.63.147.98) port(514));
             tcp(ip(193.63.147.98) port(1740) keep-alive(yes)); };
destination fwall { file("/var/log/firewalls/$HOST.$YEAR.$MONTH.$DAY.log"
                         perm(0640)); };
filter f_pixmsg { match("%PIX"); };
filter f_local0 { facility(local0); };
log { source(net); filter(f_local0); filter(f_pixmsg); destination(fwall); };