[syslog-ng] syslog-ng logging with wrong year

Geller, Sandor (IT) Sandor.Geller at morganstanley.com
Wed Apr 9 08:05:07 CEST 2008


Hi,

> Hello, 
> 
> We have a log collector receiving logs from several nodes and it is
> logging in the wrong $YEAR directory every 1st of the month for some
> hosts for about 2 minutes...

My first guess is that the system clock of the affected hosts might be
skewed.

> We have 75 nodes sending logs, and we have a directory created under
> /var/log/hosts/2007/*/01/hostname for about 3-4 hosts.

Could you check the system clock of these?

> destination d_local
> {
>         file("/var/log/hosts/$YEAR/$MONTH/$DAY/$HOST");
> };

These macros use the timestamp of the log message. Macros prefixed with
R_ use the timestamp of the receiver (the syslog-ng server). So either
the system clock of the hosts should be adjusted or the $R_YEAR,
$R_MONTH, ... macros should be used. I'd check the system clock first.

Regards,

Sandor
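
One way to find which senders have a skewed clock, as an added example that is not part of the original post. It assumes a hypothetical diagnostic destination whose template writes `$R_ISODATE $ISODATE $HOST` for each message; the sample lines, host names and the 30-second tolerance are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<receiver time> <message time> <host>" per message,
# as an assumed template "$R_ISODATE $ISODATE $HOST\n" would write it.
SAMPLE = """\
2008-04-01T00:00:05+02:00 2008-04-01T00:00:04+02:00 web01
2008-04-01T00:00:07+02:00 2008-03-31T23:58:12+02:00 db03
2008-04-01T00:01:30+02:00 2008-03-31T23:59:35+02:00 db03
2008-04-01T00:00:09+02:00 2007-04-01T00:00:09+02:00 app17
2008-04-01T00:02:10+02:00 2008-04-01T00:02:10+02:00 app17
"""


def skew_report(text, tolerance=timedelta(seconds=30)):
    """Return per-host stats for hosts whose message time differs from the
    receiver time by more than `tolerance`."""
    stats = defaultdict(
        lambda: {"messages": 0, "misfiled": 0, "max_skew": timedelta(0)}
    )
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # not a "<received> <stamped> <host>" line
        try:
            received = datetime.fromisoformat(parts[0])
            stamped = datetime.fromisoformat(parts[1])
        except ValueError:
            continue  # unparseable timestamp
        if received.tzinfo is None or stamped.tzinfo is None:
            continue  # need UTC offsets to compare the two clocks
        entry = stats[parts[2]]
        entry["messages"] += 1
        entry["max_skew"] = max(entry["max_skew"], abs(received - stamped))
        # Simplification: compare calendar dates in the receiver's offset.
        # A differing date means $YEAR/$MONTH/$DAY and
        # $R_YEAR/$R_MONTH/$R_DAY would name different directories.
        if stamped.astimezone(received.tzinfo).date() != received.date():
            entry["misfiled"] += 1
    return {h: s for h, s in stats.items() if s["max_skew"] > tolerance}


if __name__ == "__main__":
    for host, s in sorted(skew_report(SAMPLE).items()):
        print(host, "max skew:", s["max_skew"],
              "misfiled:", s["misfiled"], "of", s["messages"])
```
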