[syslog-ng]Bug in S_YEAR?
Balazs Scheidler
syslog-ng@lists.balabit.hu
Thu, 03 Feb 2005 11:07:39 +0100
On Tue, 2005-02-01 at 11:39 +0100, janth@moldung.no wrote:
> Hi,
> I have a Solaris 8 host with syslog-ng ver 1.6.5 set up with the
> following syslog-ng.conf:
> Then I have another host set up to use syslog-ng as loghost. This host
> has purposely wrong time (1973-01-02), as can be seen here:
>
> joe@testhost / $ logger "test. local time on `uname -n` is `date +'%Y-%m-%d %H:%m:%S'`"
>
> joe@loghost / $ tail -1 /syslog/2005/02/01/testhost
> 2005-02-01 11:24:47 | 1107253487 | 2005-01-02 21:04:39 | 1104696279 | testhost | testhost | testhost/testhost | 192.168.1.2 | user.notice | 0d | joe | joe: [ID 702911 user.notice] test. local time on testhost is 1973-01-02 21:01:39
>
> It seems as S_YEAR is set to YEAR (or R_YEAR, I have not checked the source). I hope someone can fix this before syslog-ng 1.6.6...
The problem is that there is no 'year' field in the syslog message,
except if you are using a message format which does include a year. (The
PIX style timestamp includes a year and syslog-ng supports its
extraction:
/* PIX time stamp, format: MMM DD YYYY HH:MM:SS: */
However this is much better solved in syslog-ng 1.9.x which also fully
supports ISO timestamps (year, timezone and fractions of seconds)
--
Bazsi