[syslog-ng] timezones
Balazs Scheidler
bazsi at balabit.hu
Thu Nov 9 17:24:58 CET 2006
On Thu, 2006-11-09 at 16:04 +0100, Szeti, Balazs wrote:
> Hello!
>
> I'm trying to log messages with ISO timestamps from different timezones.
> Example through TCP:
> <140>2006-11-05T05:15:15+01:00 1 2 3
> <140>2006-11-05T05:15:15+02:00 1 2 3
> <140>2006-11-05T05:15:15+03:00 1 2 3
>
> The syslog-ng's node is in +01:00 timzone. I left all the time_zone() on
> default.
>
> Template used:
> template t_year { template("$S_ISODATE $R_ISODATE $S_HOUR: $MSGONLY\n");
> };
>
> Result in the log:
> 2006-11-05T05:15:15.000000+01:00 2006-11-09T16:12:10+01:00 05: 2 3
> 2006-11-05T07:15:15.000000+02:00 2006-11-09T16:11:41+01:00 07: 2 3
> 2006-11-05T09:15:15.000000+03:00 2006-11-09T16:12:37+01:00 09: 2 3
>
> There's nothing wrong with the R_ISODATE, but I don't understand the
> S_ISODATE. When I log with the syslog-ng node timezone it writes the
> right value, but when I change the timezone in the TCP message the
> S_HOUR increases! I would like to see the original timestamp from the
> message and the R_ISODATE right next to each other.
> Why is the S_ISODATE increased?
> Can S_HOUR now be used in file name templates???
>
Does your client include timezone information in the messages it sends?
syslog-ng can do so, but only if you change the protocol template
(assuming you are using syslog-ng 2.0.x)
--
Bazsi
More information about the syslog-ng
mailing list