[syslog-ng] timezone issues

[Campbell Simpson]

Hi

I'm having problems using the timezone() function on my source drivers.
My syslog-ng server is set up to receive syslog messages from the
network. The servers sending to it are set to GMT+0 and the timezone
information is not sent in the syslog messages.

I would like to be able to do a conversion on the received time stamp
and write the time to a fifo buffer in localtime on the syslog box.

I'm running syslog-ng 2.0.5 on Redhat Enterprise.

My config looks like:

options {
        sync (20);
        stats_freq (60);
        dns_cache (yes);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (persist_only);
        dns_cache_hosts(/etc/hosts);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
};

source s_net {
        udp(port(514) time_zone(+00:00));
};

destination splunk1 { pipe("/var/data/syslog.fifo" template("$DATE $TZ -
$R_TZ - $S_TZ $HOST $MSG\n")); };
destination splunk2 { pipe("/var/data/syslog2.fifo"); };
destination aaatransact { file("/var/data/aaatransact.log"); };
destination aaaprocess { file("/var/data/aaaprocess.log"); };

log { source(s_net); filter(f_local4); destination(splunk1); };
log { source(s_net); filter(f_local4); destination(aaatransact); };
log { source(s_net); filter(f_local5); destination(splunk2); };
log { source(s_net); filter(f_local5); destination(aaaprocess); };


The output to /var/data/syslog.fifo however looks like:

Oct 26 00:39:55 +13:00 - +13:00 - +13:00 blah blah blah


It doesn't matter what I change the time_zone value to, it always gets
reported as +13:00. Even setting the global recv_time_zone doesn't
change anything...

Anyone got any ideas?

Thanks

Campbell