[syslog-ng]Bug in S_YEAR?
syslog-ng@lists.balabit.hu
syslog-ng@lists.balabit.hu
Tue, 01 Feb 2005 11:39:34 +0100
Hi,
I have a Solaris 8 host with syslog-ng ver 1.6.5 set up with the
following syslog-ng.conf:
options {
use_time_recvd(no); # Use the time a message is received instead of the one specified in the message.
sync(0); # The number of lines buffered before written to file.
};
source src {
udp(ip("0.0.0.0") port(514));
tcp(ip("0.0.0.0") port(514) max-connections(100));
sun-streams("/dev/log" door("/etc/.syslog_door")); # local solaris syslog
internal(); # syslog-ng interne meldinger
};
source s_syslog_ng {
internal(); # syslog-ng interne meldinger
};
destination dst_template {
file("/syslog/$R_YEAR/$R_MONTH/$R_DAY/$HOST"
template("$R_YEAR-$R_MONTH-$R_DAY $R_HOUR:$R_MIN:$R_SEC | $R_UNIXTIME | $S_YEAR-$S_MONTH-$S_DAY $S_HOUR:$S_MIN:$S_SEC | $S_UNIXTIME | $HOST | $HOST_FROM | $FULLHOST | $SOURCEIP | $FACILITY.$PRIORITY | $TAG | $PROGRAM | $MSG\n")
);
};
destination d_syslog_ng {
file("/syslog/syslog-ng.log" sync(0) log_fifo_size(10) perm(0644) );
};
log {
source (s_syslog_ng);
destination (d_syslog_ng);
};
log {
source(src);
destination(dst_template);
};
Then I have another host set up to use syslog-ng as loghost. This host
has purposely wrong time (1973-01-02), as can be seen here:
joe@testhost / $ logger "test. local time on `uname -n` is `date +'%Y-%m-%d %H:%m:%S'`"
joe@loghost / $ tail -1 /syslog/2005/02/01/testhost
2005-02-01 11:24:47 | 1107253487 | 2005-01-02 21:04:39 | 1104696279 | testhost | testhost | testhost/testhost | 192.168.1.2 | user.notice | 0d | joe | joe: [ID 702911 user.notice] test. local time on testhost is 1973-01-02 21:01:39
It seems as S_YEAR is set to YEAR (or R_YEAR, I have not checked the source). I hope someone can fix this before syslog-ng 1.6.6...
Regards
Jan Thomas Moldung