[syslog-ng] timezones

[Balazs Scheidler]

On Fri, 2006-11-10 at 14:57 +0100, Szeti, Balazs wrote:
> Hello!
> 
> Yes!
> It seems, that the fix solved the problem. I haven't checked everything
> yet, but the timestamps was just like I expected them. Thanks!
> 
> As far I see (and maybe it was also written in the manual) if I use the
> S_XXXX macros in file name, then the time is converted to the local
> timezone and the file is created with a name according to the received
> timestamp converted to local timezone. In the logged line the original
> timezone is used at the same time. Well, it's just fine for me, but it's
> not a consistent way of using the S_XXXX macros. Should it be
> configured? :)

It used to be configurable, but I thought it'd be even more confusing
(at least for me :) 

In my opinion, any time interpreted and used by syslog-ng itself should
use the local time zone, just as any other program running on the same
host does this. This way S_HOUR in filenames is the same for two
messages generated at the same time but coming with a different zone
offset.

E.g. if you have something like:

file("/var/log/messages-${S_YEAR}-${S_MONTH}-${S_DAY}-${S_HOUR}.log

Then if syslog-ng would use the original zone offset in filename
expansion, you'd get two files. In reality those messages were generated
in the same hour. Inside the file however you get the original timestamp
but also with proper timezone information, the logic behind this is to
preserve the information that it was _originally_ received with a
different timestamp.

This is the default behaviour, however you can also "force" the contents
of the file to use a unified timezone using the timezone() option of the
destination, e.g.

file("/var/log/messages" time_zone("+01:00"))


-- 
Bazsi