[syslog-ng] Timezone problem?!

Charles Chan digiblue at gmail.com
Wed Feb 11 02:43:28 CET 2009 

I use follow configuration still not work,display "syntax error".
destination us_int_apache {
file("/disk2/apache_logs/$YEAR-$MONTH-$DAY/$HOST.apache.log"
timezone("PST8PDT") template(apache_template)); };

syslog-ng version as follows:
[root at wikid ~]# /opt/syslog-ng/sbin/syslog-ng -V
syslog-ng 3.0.1
Revision:
Compile-Date: Feb  9 2009 09:58:34
Enable-Threads: off
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: off
Enable-Sun-Door: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: on
Enable-SSL: on
Enable-SQL: off
Enable-Linux-Caps: on
Enable-Pcre: off

2009/2/10 Balazs Scheidler <bazsi at balabit.hu>

> On Tue, 2009-02-10 at 11:47 +0800, Charles Chan wrote:
> > We update syslog-ng to 3.0.1,configuration same with 2.1,but the
> > problem still exists,In 3.0 just have two parameter about
> > timezone("time_zone" and "timezone"),not find specify a location by
> > name instead of using plain timezone offsets which do not support
> > day-light-saving as you say.The Doc not include "timezone" parameter
> > deail  example, Can you help me fix the problem and give me some
> > config examples?
>
> When using timezone() in 3.0, you can reference the name of the
> timezone, e.g.
>
> timezone("Europe/Budapest");
>
> The name of the timezone can either be a direct timezone offset
> reference as earlier (e.g. +01:00), or the name of a timezone info file
> under /usr/share/zoneinfo.
>
> I'm Ccing the documentation team, to clarify the documentation about
> this.
>
> >
> > 2009/1/17 Balazs Scheidler <bazsi at balabit.hu>
> >
> >         On Thu, 2009-01-15 at 15:03 +0800, Charles Chan wrote:
> >         > Recently I use the syslog-ng for log collection environment
> >         > encountered a time zone problem,hope somebody can help
> >         me.Thanks
> >         > The environment is like this:
> >         > The apache server(PDT timezone,UTC-8) forword apache log
> >         through
> >         > syslog to the syslog-ng server(CST timezone,UTC+8).
> >         > The server with same time zones no problem between the
> >         forward.
> >         > Syslog-ng test configuration is as follows:
> >         > destination int_apache (file ( "/ disk3/cookie_logs/pid1 / $
> >         YEAR-$
> >         > MONTH-$ DAY / $ (HOST). apache.log" time_zone (-08:00)
> >         template ( "$
> >         > DAY-$ HOUR $ S_DAY-$ S_HOUR $ R_DAY-$ R_HOUR $ $ ISODATE $
> >         MSGONLY \ n
> >         > ") template_escape (no)););
> >         >
> >         > The original apache log is:
> >         > 58.240.69.161 - - - [14/Jan/2009: 22:27:47 -0800] "GET /
> >         > www.example.com/ HTTP/1.1" 200 2028 "-" "Mozilla/4.0
> >         ( compatible;
> >         > MSIE 7.0; Windows NT 5.1) "
> >         >
> >         > The syslog-ng server generated log is:
> >         > 14-22 14-22 14-22 2009-01-14T22 :27:47-08: 00 58.240.69.161
> >         - - -
> >         > [14/Jan/2009: 22:27:47 -0800] "GET / www.example. com /
> >         HTTP/1.1 "200
> >         > 2028" - "" Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
> >         5.1) "
> >         >
> >         > Originally generated documents should be kept in
> >         > /disk3/cookie_logs/pid1/2009-01-14
> >         > However, the actual file is stored in the
> >         > /disk3/cookie_logs/pid1/2009-01-15
> >         > It can be seen, in fact, syslog-ng configuration item file()
> >         use the
> >         > $DAY and template()  use the $DAY not with a identical
> >         Macros. Is this
> >         > the syslog-ng a bug? or I configuration errors. Who can help
> >         me answer
> >         > you?Thanks!
> >
> >
> >         Well, as I researched this area, there's some version
> >         dependance here.
> >         In syslog-ng 2.1 (and probably 2.0, but I haven't checked) if
> >         you use
> >         the time related macros in a filename, then the timestamps are
> >         converted
> >         to use the local timezone of the syslog-ng process. In the
> >         examples
> >         above, the time_zone() option only affects the _contents_ of
> >         the file,
> >         and not the filenames.
> >
> >         In 3.0 this "behaviour" is fixed and the timezone of the
> >         timestamp is
> >         used, without alteration.
> >
> >         (and NOTE that in 3.0 the timezone handling was expanded
> >         significantly,
> >         e.g. you can specify a location _by name_ instead of using
> >         plain
> >         timezone offsets which do not support day-light-saving)
> >
> >         --
> >         Bazsi
> >
> >
> >
> ______________________________________________________________________________
> >         Member info:
> >         https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >         Documentation:
> >         http://www.balabit.com/support/documentation/?product=syslog-ng
> >         FAQ: http://www.campin.net/syslog-ng/faq.html
> >
> >
> >
> ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.campin.net/syslog-ng/faq.html
> >
> --
> Bazsi
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090211/8f5a1839/attachment-0001.htm

More information about the syslog-ng mailing list