[syslog-ng] S_DATE apparently not working

Giulio Botto madecto at sangria.org.il
Wed Jun 13 16:49:32 CEST 2007


Balazs Scheidler wrote:
> On Wed, 2007-06-13 at 12:33 +0200, Giulio Botto wrote:
>> Balazs Scheidler wrote:
>>> On Thu, 2007-06-07 at 11:57 +0200, Giulio Botto wrote:
>>>> Hello,
>>>>
>>>> I'm new to both syslog-ng and the list so I first tried the docs and archives,
>>>> but couldn't find anything enlightening.
>>>>
>>>> We have a syslog-ng 2.0.3 running on CentOS 5 and some Cisco PIX appliances
>>>> sending their logs to it.
>>>>
>>>> If my understanding is correct I should be receiving the sender's timestamp
>>>> and should be able to log it in my log files instead of the receiving
>>>> timestamp by application of the S_DATE macro.
>>> If syslog-ng received an invalid timestamp or no timestamp, it generates
>>> a new value for S_DATE based on the local time.
>>>
>>> Can you post a sample log message as received by syslog-ng? A tcpdump or
>>> an strace dump with the string size set to a high value (-s 4096 for
>>> instance) could be helpful.
>>>
> 
> PIX uses a funny timestamp, that syslog-ng could not understand. Can you
> check if this patch fixes the issue:
> 
[...]
Works perfectly, thanks!
-- 
Giulio Botto -- madecto at sangria.org.il
PGP fingerprint =  1979 A78A 8F82 DB5E 55E9  D6D6 6AB6 0BA9 FDB7 6789
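
The fallback described in the thread (an invalid or missing sender timestamp makes S_DATE take the local receive time), modelled as an added example that is not part of the original messages and is not syslog-ng's code. The function names, the regular expression and the sample messages are assumptions constructed for illustration; the non-standard sample is not claimed to be the actual PIX format.

```python
import re
from datetime import datetime

# <PRI> followed by a BSD-syslog (RFC 3164) timestamp such as "Jun 13 12:33:07".
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) ")

# Constructed sample messages (not captured traffic).
SAMPLES = [
    "<166>Jun 13 12:33:07 fw1 sample: connection built",       # standard stamp
    "<166>Jun 13 2007 12:33:07 fw1 sample: connection built",  # non-standard stamp
    "<166>fw1 sample: connection built",                       # no stamp at all
]

def stamp(raw, received_at):
    """Return (s_date, r_date, sender_stamp_used) for one raw message.

    s_date models S_DATE and r_date models R_DATE. When the sender's
    timestamp is absent or unparseable, s_date falls back to the
    receive time, which is the behaviour described in the thread.
    """
    m = HEADER.match(raw)
    if m:
        try:
            # RFC 3164 carries no year, so borrow it from the receive time.
            sent = datetime.strptime(f"{received_at.year} {m.group(2)}",
                                     "%Y %b %d %H:%M:%S")
            return sent, received_at, True
        except ValueError:
            pass  # right shape but not a real date, e.g. "Xyz 13 12:33:07"
    return received_at, received_at, False

def substituted(messages, received_at):
    """Messages whose S_DATE would silently be the receiver's clock."""
    return [m for m in messages if not stamp(m, received_at)[2]]

if __name__ == "__main__":
    rx = datetime(2007, 6, 13, 12, 33, 9)  # constructed receive time
    for msg in SAMPLES:
        s_date, r_date, used = stamp(msg, rx)
        print(f"S_DATE={s_date} R_DATE={r_date} sender_stamp={used} | {msg}")
```

When S_DATE and R_DATE are identical for every message from one device, the sender's timestamp is probably being rejected, and any timeline built from those logs reflects arrival time rather than event time.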

