[syslog-ng] S_DATE apparently not working

Balazs Scheidler bazsi at balabit.hu
Fri Jun 8 16:05:14 CEST 2007


On Thu, 2007-06-07 at 11:57 +0200, Giulio Botto wrote:
> Hello,
> 
> I'm new to both syslog-ng and the list so I first tried the docs and archives,
> but couldn't find anything enlightening.
> 
> We have a syslog-ng 2.0.3 running on CentOS 5 and some Cisco PIX appliances
> sending their logs to it.
> 
> If my understanding is correct I should be receiving the sender's timestamp
> and should be able to log it in my log files instead of the receiving
> timestamp by application of the S_DATE macro.

If syslog-ng received an invalid timestamp or no timestamp, it generates
a new value for S_DATE based on the local time.

Can you post a sample log message as received by syslog-ng? A tcpdump or
an strace dump with the string size set to a high value (-s 4096 for
instance) could be helpful.

-- 
Bazsi
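
An added example, not part of the original message and not syslog-ng's own code: a Python check to run over payloads copied from a tcpdump capture, reporting whether a timestamp follows the priority field. It assumes the RFC 3164 layout `Mmm dd hh:mm:ss`; the function names and sample payloads are constructed, and syslog-ng's parser may accept other layouts.

```python
import re
from datetime import datetime

# Assumption: RFC 3164 header "<PRI>Mmm dd hh:mm:ss HOST MSG", day space-padded.
PRI = re.compile(rb"^<(\d{1,3})>")
BSD_TS = re.compile(rb"^([A-Z][a-z]{2}) ([ \d]\d) (\d{2}):(\d{2}):(\d{2})(?= |$)")
DATE_LIKE = re.compile(rb"^[A-Z][a-z]{2} +\d")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

def classify(payload: bytes, year: int = 2007) -> str:
    """Return 'valid', 'invalid' or 'missing' for the timestamp after PRI."""
    m = PRI.match(payload)
    if not m or int(m.group(1)) > 191:      # 191 = facility 23, severity 7
        return "missing"                    # no usable PRI, no header to read
    rest = payload[m.end():]
    ts = BSD_TS.match(rest)
    if not ts:
        # Date-like text in another layout is 'invalid'; anything else 'missing'.
        return "invalid" if DATE_LIKE.match(rest) else "missing"
    mon, day, hh, mm, ss = (g.decode() for g in ts.groups())
    try:
        # RFC 3164 carries no year, so one is supplied to range-check the date.
        datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss))
    except (KeyError, ValueError):
        return "invalid"                    # e.g. Feb 30 or hour 25
    return "valid"

def s_date_falls_back(payload: bytes) -> bool:
    """True when the sender timestamp is invalid or absent, the case in which
    S_DATE is generated from local time as described in the reply above."""
    return classify(payload) != "valid"

# Constructed sample payloads (not taken from the thread).
SAMPLES = [
    b"<166>Jun  7 11:57:03 pix01 %PIX-6-302013: Built outbound TCP connection",
    b"<166>%PIX-6-302013: Built outbound TCP connection",
    b"<166>Jun 07 2007 11:57:03: %PIX-6-302013: Built outbound TCP connection",
    b"<166>Feb 30 11:57:03 pix01 test message",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{classify(p):8} fallback={s_date_falls_back(p)}  {p[:40]!r}")
```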


