[syslog-ng] timezone issues

Balazs Scheidler bazsi at balabit.hu
Sat Nov 3 22:40:53 CET 2007


On Fri, 2007-10-26 at 13:49 +1300, Campbell Simpson wrote:
> Hi
> 
> I'm having problems using the timezone() function on my source drivers.
> My syslog-ng server is set up to receive syslog messages from the
> network. The servers sending to it are set to GMT+0 and the timezone
> information is not sent in the syslog messages.
> 
> I would like to be able to do a conversion on the received time stamp
> and write the time to a fifo buffer in localtime on the syslog box.
> 
> I'm running syslog-ng 2.0.5 on Redhat Enterprise.
> 
> My config looks like:
> 
> options {
>         sync (20);
>         stats_freq (60);
>         dns_cache (yes);
>         time_reopen (10);
>         log_fifo_size (1000);
>         long_hostnames (off);
>         use_dns (persist_only);
>         dns_cache_hosts(/etc/hosts);
>         use_fqdn (no);
>         create_dirs (no);
>         keep_hostname (yes);
> };
> 
> source s_net {
>         udp(port(514) time_zone(+00:00));
> };

Syslog-ng erroneously always defaulted to the local timezone if no
timezone was specified in the incoming timestamp.

The patch below should fix this problem. (I've also committed it to my
git tree)

diff --git a/src/logmsg.c b/src/logmsg.c
index d2264a5..b4354bf 100644
--- a/src/logmsg.c
+++ b/src/logmsg.c
@@ -291,7 +291,6 @@ log_msg_parse(LogMessage *self, gchar *data, gint length, guint flags, regex_t *
       /* NOTE: no timezone information in the message, assume it is local time */
       self->stamp.time.tv_sec = mktime(&tm);
       self->stamp.time.tv_usec = 0;
-      self->stamp.zone_offset = get_local_timezone_ofs(self->stamp.time.tv_sec); /* assume local timezone */
       
     }
   else if (left >= 15 && src[3] == ' ' && src[6] == ' ' && src[9] == ':' && src[12] == ':')
@@ -340,9 +339,11 @@ log_msg_parse(LogMessage *self, gchar *data, gint length, guint flags, regex_t *
       /* NOTE: no timezone information in the message, assume it is local time */
       self->stamp.time.tv_sec = mktime(&tm);
       self->stamp.time.tv_usec = usec;
-      self->stamp.zone_offset = get_local_timezone_ofs(self->stamp.time.tv_sec); /* assume local timezone */
     }
     
+  if (self->stamp.zone_offset == -1)
+    self->stamp.zone_offset = get_local_timezone_ofs(self->stamp.time.tv_sec); /* assume local timezone */
+    
   if (self->date.len)
     {
       /* Expected format: hostname program[pid]: */
@@ -595,7 +596,8 @@ log_msg_init(LogMessage *self, GSockAddr *saddr)
   self->ref_cnt = 1;
   gettimeofday(&self->recvd.time, NULL);
   self->recvd.zone_offset = get_local_timezone_ofs(self->recvd.time.tv_sec);
-  self->stamp = self->recvd;
+  self->stamp.time = self->recvd.time;
+  self->stamp.zone_offset = -1;
   log_msg_init_string(&self->date, 16);
   log_msg_init_string(&self->host, 32);
   log_msg_init_string(&self->host_from, 32);


-- 
Bazsi



More information about the syslog-ng mailing list