[syslog-ng] syslog-ng logging with wrong year

Jean-Sebastien Pilon jspilon at PENSON.CA
Wed Apr 9 15:20:49 CEST 2008 

> 
> And in addition, the timestamp of the message does not contain a year,
> there's a heuristic in syslog-ng to determine that.
>
> Here's the heuristic used:
>
>       tm.tm_year = nowtm.tm_year;
>       if (tm.tm_mon > nowtm.tm_mon)
>         tm.tm_year--;
>
> E.g. if the current month is smaller than the month in the timestamp,
> syslog-ng assumes that it comes from the previous year. Hmm... Maybe
> this heuristic would be better:
>
>       tm.tm_year = nowtm.tm_year;
>       if (tm.tm_mon == 11 && nowtm.tm_mon == 0)
>         tm.tm_year--;
>
> E.g. the year is decreased only if the receiver's time is in January,
> and the sender came in as December. This would not handle really
skewed
> timestamps, but your case would be covered.
>
> I'm reluctant to change this in 2.0 (the current algorithm has been in
> place for about a decade now), however I can commit a patch to 2.1.
What
> do others think?
>
> And a side-note: the best solution is to use a timestamp that actually
> includes the year information, like ISODATE.


How can I set ISODATE?
NOTICE: This email contains privileged and confidential information and is intended only for the individual to whom it is addressed. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this transmission by mistake and delete this communication from your system. E-mail transmission cannot be guaranteed to be secured or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. 

AVIS: Le présent courriel contient des renseignements de nature privilégiée et confidentielle et n’est destiné qu'à la personne à qui il est adressé. Si vous n’êtes pas le destinataire prévu, vous êtes par les présentes avisés que toute diffusion, distribution ou reproduction de cette communication est strictement interdite.  Si vous avez reçu ce courriel par erreur, veuillez en aviser immédiatement l’expéditeur et le supprimer de votre système. Notez que la transmission de courriel ne peut en aucun cas être considéré comme inviolable ou exempt d’erreur puisque les informations qu’il contient pourraient être interceptés, corrompues, perdues, détruites, arrivées en retard ou incomplètes ou contenir un virus.  

More information about the syslog-ng mailing list