[syslog-ng] syslog-ng logging with wrong year
Jean-Sebastien Pilon
jspilon at PENSON.CA
Wed Apr 9 14:54:16 CEST 2008
> My first guess is that the system clock of the affected hosts might be
> skewed.
We use ntp, and the time appears ok on the syslog clients.
> Could you check the system clock of these?
Note that the 3-4 hosts changes each month... looks like they may be the only ones that sent logs around 00:00.
> These macros use the timestamp of the log message. Macros prefixed with
> R_ use the timestamp of the receiver (the syslog-ng server). So either
> the system clock of the hosts should be adjusted or the $R_YEAR,
> $R_MONTH, ... macros should be used. I'd check the system clock first.
That could be a solution, but I prefer keeping timestamp from host. This will be even more important if we move to the premium edition of Syslog-ng with disk buffering.
NOTICE: This email contains privileged and confidential information and is intended only for the individual to whom it is addressed. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this transmission by mistake and delete this communication from your system. E-mail transmission cannot be guaranteed to be secured or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
AVIS: Le présent courriel contient des renseignements de nature privilégiée et confidentielle et nest destiné qu'à la personne à qui il est adressé. Si vous nêtes pas le destinataire prévu, vous êtes par les présentes avisés que toute diffusion, distribution ou reproduction de cette communication est strictement interdite. Si vous avez reçu ce courriel par erreur, veuillez en aviser immédiatement lexpéditeur et le supprimer de votre système. Notez que la transmission de courriel ne peut en aucun cas être considéré comme inviolable ou exempt derreur puisque les informations quil contient pourraient être interceptés, corrompues, perdues, détruites, arrivées en retard ou incomplètes ou contenir un virus.
More information about the syslog-ng
mailing list