[syslog-ng] syslog-ng logging with wrong year
Mayashankar Mishra
mmishra at isabel.eu
Tue Feb 10 16:04:27 CET 2009
Hi,
Earlier there was issue with the incomming months,but that was resolved and during this january month when yaer changed.
It logged for 2008 for some time.
I use destination
destination nfsstore_messages { file("/var/log/hosts/$YEAR.$MONTH.$DAY/nfsstore/messages" template(t_gen));};
destination nfsstore_maillog { file("/var/log/hosts/$YEAR.$MONTH.$DAY/nfsstore/maillog" template(t_gen));};
destination nfsstore_spooler { file("/var/log/hosts/$YEAR.$MONTH.$DAY/nfsstore/spooler" template(t_gen));};
destination nfsstore_secure { file("/var/log/hosts/$YEAR.$MONTH.$DAY/nfsstore/secure" template(t_gen));};
destination nfsstore_boot { file("/var/log/hosts/$YEAR.$MONTH.$DAY/nfsstore/boot" template(t_gen));};
destination nfsstore_cron { file("/var/log/hosts/$YEAR.$MONTH.$DAY/nfsstore/cron" template(t_gen));};
But when I see the logs in file message/maillog or ... it has the time stamp of the 2009, but the entire logs was collected under 2008.01.01/nfsstore/ instead of 2009.01.01 , but after some times it started logging corectly to 2009.01.01
Yes the version is 2.1.1 which I upgared from 2.0.8 version bcoz of earlier bug with wrong months
Thanks & Regards
Mayashankar Mishra
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Balazs Scheidler
Sent: 2009-02-10 15:53
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] syslog-ng logging with wrong year
On Tue, 2009-02-10 at 13:35 +0100, Mayashankar Mishra wrote:
>
> I have syslog-ng 2.1.1 running, still i face the problem
>
> when the date changed from 31 Dec 2008 to 1 Jan 2009, some of the
> log files still log as 1 Jan 2008
>
> Is it resolved in higher version, and if yes which ?
Well, are you sure you are running 2.1.1? A related bug was fixed in
2.1beta1:
* Fixed the year recognition heuristics as the older used the
previous year in some cases when the client's clock was too fast.
This is how the code should look like (logmsg.c, log_msg_parse function)
tm.tm_year = nowtm->tm_year;
if (tm.tm_mon > nowtm->tm_mon + 1)
tm.tm_year--;
This means that if the incoming month value is larger than the current month, we assume that it came from the previous year.
E.g. if the current month is January, and the incoming date is claiming March, then we assume that it came from the previous year.
--
Bazsi
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
Mayashankar Mishra
Consultant
E-mail : mmishra at isabel.eu
Tel : +32 (0)2 403.18.84
Fax : +32
Isabel NV/S.A.
Keizerinlaan 13-15 Boulevard de l'Impératrice
1000 Brussels - Belgium
RPR Bruxelles / RPM Brussel: BE 0455 530 509
http://www.isabel.eu/ http://www.zoomit.eu/
Zoomit is a Registered Trademark of Isabel NV/S.A.
Disclaimer : http://www.isabel.eu/gps/en/disclaimer/mailing.php
More information about the syslog-ng
mailing list