[syslog-ng] S_DATE apparently not working

Giulio Botto madecto at sangria.org.il
Thu Jun 7 11:57:12 CEST 2007


Hello,

I'm new to both syslog-ng and the list so I first tried the docs and archives,
but couldn't find anything enlightening.

We have a syslog-ng 2.0.3 running on CentOS 5 and some Cisco PIX appliances
sending their logs to it.

If my understanding is correct I should be receiving the sender's timestamp
and should be able to log it in my log files instead of the receiving
timestamp by application of the S_DATE macro.

We tried changing the time on one of the PIXes on the assumption we'd
see its timestamp in our logfile, but continued to see the receiving
time no matter what macro we used in our template.

Any hint as to what I'm getting wrong will be very much appreciated.
Below is the relevant configuration:


options {
  use_dns(yes);
  dns_cache_hosts(/etc/hosts);
  dns_cache_expire(87600);
  chain_hostnames(no);
  use_time_recvd(no);
};

source s_remote {
  tcp(ip(0.0.0.0) port(514) keep_timestamp(yes));
  udp(ip(0.0.0.0) port(514) keep_timestamp(yes));
};

destination d_separatedbyhosts {
  file("/var/log/syslog-ng/$HOST.log" owner("root") group("root") perm(0640)
       dir_perm(0750) create_dirs(yes) template("<$PRI>$S_DATE $HOST $MSG\n")
       template-escape(no));
};
-- 
Giulio Botto -- madecto at sangria.org.il
PGP fingerprint =  1979 A78A 8F82 DB5E 55E9  D6D6 6AB6 0BA9 FDB7 6789
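
Added example (not part of the original post and not syslog-ng's own code): a simplified Python model of how a receiver chooses between the sender's timestamp and its own receive time, assuming it falls back to the receive time when the raw message has no RFC 3164 timestamp header. The names stamp, RECEIVED and SAMPLES and the sample messages are constructed for illustration; what a given device actually sends has to be checked on the wire.

```python
import re
from datetime import datetime

# RFC 3164 header: "<PRI>Mmm dd hh:mm:ss " (no year, day may be space-padded).
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
    r" [ \d]\d \d{2}:\d{2}:\d{2}) (?P<rest>.*)$",
    re.S,
)

def stamp(raw, received):
    """Return (source, timestamp, rest): which clock the logged time comes from."""
    m = RFC3164.match(raw)
    if m:
        try:
            # The header carries no year, so borrow it from the receive time.
            ts = datetime.strptime(f"{received.year} {m['ts']}", "%Y %b %d %H:%M:%S")
            return "sender", ts, m["rest"]
        except ValueError:
            pass  # header-shaped but not a real date, e.g. "Feb 31"
    # Assumed fallback: no usable sender timestamp, so use the receive time.
    return "receiver", received, re.sub(r"^<\d{1,3}>", "", raw)

RECEIVED = datetime(2007, 6, 7, 11, 57, 12)  # constructed receive time

# Constructed sample messages, not captured from a real appliance.
SAMPLES = [
    # Standard RFC 3164 header: the sender's time can be kept.
    "<166>Jun  7 09:15:02 pix1 %PIX-6-302013: Built outbound TCP connection",
    # No timestamp at all after the priority field.
    "<166>%PIX-6-302013: Built outbound TCP connection",
    # Timestamp with a year: not RFC 3164, so it is not recognised here.
    "<166>Jun 07 2007 09:15:02: %PIX-6-302013: Built outbound TCP connection",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        source, ts, _ = stamp(raw, RECEIVED)
        print(f"{source:8} {ts:%b %d %H:%M:%S}  <- {raw}")
```

Running the same check against a packet capture of the appliance's traffic shows whether a sender timestamp is present for a macro such as S_DATE to use.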


