[syslog-ng] v3.0.8: How to log messages with non-RFC timestamps?

Sergey V. Lobanov sergey at lobanov.in
Sun Aug 29 15:27:56 CEST 2010


I'm using syslog-ng v3.0.8 (OSE) for logging messages from remote devices. There is a host which sends messages with an incorrect timestamp format, for example "Jan 19 15:52:7". Syslog-ng does not store the first word of the timestamp via the $MSGHDR macro.

For example:
$ echo "<134>Jan 19 15:52:7 test" | nc -u 192.168.3.142 514
^C

But the log file does not contain the word 'Jan':
Aug 29 16:49:10 10.147.0.202 10.147.0.202 19 15:52:7 test

Configuration file:
@version: 3.0
options {
    use_dns(yes); 
};
source src_remote
{
        udp(ip("0.0.0.0") port(514) flags(store-legacy-msghdr));
        tcp(ip("0.0.0.0") port(514) flags(store-legacy-msghdr));
};
template t_remote {template("$DATE $SOURCEIP $HOST_FROM $MSGHDR$MESSAGE\n"); template_escape(no); };
destination remoteall { file("/var/log/all-remote.log" template(t_remote));  };
log { source(src_remote); destination(remoteall); };


How can I store the original timestamp from the remote host?


-- 
wbr,
Sergey V. Lobanov
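
Added example (not part of the original post and not syslog-ng code): a small Python check that compares the header of the sample datagram above against the RFC 3164 "Mmm dd hh:mm:ss" layout and keeps the sender's timestamp verbatim. The function name parse_legacy and the output field names are assumptions made for this illustration.

```python
import re

MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
# RFC 3164 TIMESTAMP is "Mmm dd hh:mm:ss": day space-padded, time fields two digits.
STRICT = re.compile(
    rf"(?:{MONTHS}) (?: [1-9]|[12]\d|3[01]) (?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d")
# Tolerant form: same layout, but one-digit day and time fields are accepted.
LOOSE = re.compile(
    rf"(?:{MONTHS}) +\d{{1,2}} (?P<hour>\d{{1,2}}):(?P<minute>\d{{1,2}})"
    rf":(?P<second>\d{{1,2}})(?= |$)")
PRI = re.compile(r"<(\d{1,3})>")


def parse_legacy(line):
    """Split a BSD-syslog line into PRI, verbatim timestamp and remainder."""
    out = {"facility": None, "severity": None, "raw_timestamp": None,
           "rfc3164": False, "defects": [], "rest": line}
    pri = PRI.match(line)
    if pri:
        value = int(pri.group(1))
        out["facility"], out["severity"] = value >> 3, value & 7
        line = line[pri.end():]
        out["rest"] = line
    ts = LOOSE.match(line)
    if not ts:
        return out  # no recognisable timestamp: nothing is consumed
    raw = ts.group(0)
    out["raw_timestamp"] = raw  # sender's text, kept byte for byte
    out["rfc3164"] = STRICT.fullmatch(raw) is not None
    out["defects"] = [f"{name}={ts.group(name)!r} is not two digits"
                      for name in ("hour", "minute", "second")
                      if len(ts.group(name)) != 2]
    out["rest"] = line[ts.end():].lstrip(" ")
    return out


if __name__ == "__main__":
    # Sample datagram from the post, plus a constructed conformant variant.
    for sample in ("<134>Jan 19 15:52:7 test", "<134>Jan 19 15:52:07 test"):
        print(parse_legacy(sample))
```
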


