[syslog-ng]problem with different timezones

[Balazs Scheidler]

On Wed, 2004-09-22 at 16:06, ARGEXT-HIDALGO, FRANCISCO wrote:
> I have the following situation:
> I have several logging servers in different timezones and these send all their information with TCP to a central logging server.
> What I don't understand is that when I recieve a log in the central log server I recieve the exact same line that appears in the log server that sent the log. The date isnt updated no matter if I use or not the use_time_recvd() option.
> The only solution I found was to use a template with the $DATE macro.
> That would be my first doubt, why use_time_recvd() doesn't work?

the use_time_recvd() as it currrently works should be obsoleted, it
predates the R_DATE and S_DATE macros, and it simply affects macro
expansion with the DATE macro in it. (and does not affect for example
destinations without a template)

so use_time_recvd() works as intended during the syslog-ng 1.2 series
(IIRC), but now you should use either S_DATE (the stamp in the message)
or R_DATE (the stamp syslog-ng put on the message when it received it)

> 
> My second doubt is, is there any macro for the time sent?, so I can
>  have in the same log (on the central logging) the time sent and the 
> time received, so I know if there was any delay. For example if the 
> link went down and they were retained in the original server for a 
> while. (the servers would be sync'ed in time)

the problem with this is that bufferring happens at a later stage, after
the message is already formatted. Maybe you could achieve the same by
putting the received timestamp at the receiving syslog-ng.

-- 
Bazsi