[syslog-ng] syslog-ng 3.0.4 not adjusting for daylight savings time

Patrick A. Green pgreen at northwestern.edu
Mon Mar 22 18:01:41 CET 2010



Balazs Scheidler wrote:
> On Thu, 2010-03-18 at 09:19 -0500, Chris Fabri wrote:
>   
>> On Thu, Mar 18, 2010 at 4:53 AM, Balazs Scheidler <bazsi at balabit.hu> wrote:
>>     
>>> On Wed, 2010-03-17 at 09:44 -0500, Chris Fabri wrote:
>>>       
>>>> I have a red hat 3 system running 3.0.4  It did not successfully
>>>> adjust for daylight savings time.    Everything else on the system is
>>>> fine - syslog is showing the correct time stamps, the system reports
>>>> the correct time.   Restart of syslog-ng, and shutting down both
>>>> syslog and syslog-ng did not help.  I didn't see anything in the lists
>>>> addressing this, here are details of my syslog-ng:
>>>>
>>>> [fabric at netlog dhcp]$ sudo /usr/local/sbin/syslog-ng -V
>>>> syslog-ng 3.0.4
>>>> Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#1b5d618e301ad94aa20e692ffba16469dece8d10
>>>> Compile-Date: Aug 24 2009 16:54:31
>>>> Enable-Threads: off
>>>> Enable-Debug: off
>>>> Enable-GProf: off
>>>> Enable-Memtrace: off
>>>> Enable-Sun-STREAMS: off
>>>> Enable-Sun-Door: off
>>>> Enable-IPv6: on
>>>> Enable-Spoof-Source: off
>>>> Enable-TCP-Wrapper: on
>>>> Enable-SSL: off
>>>> Enable-SQL: off
>>>> Enable-Linux-Caps: on
>>>> Enable-Pcre: off
>>>>
>>>>
>>>>  I didn't see anything in the man page for adjusting for time.  I have
>>>> keep_timestamp(no) configured in my conf file.   The systems sending
>>>> the syslog files time is correctly adjusted for daylight savings.  Is
>>>> this a bug in this particular version, or am I just missing the right
>>>> flag or something?     chris
>>>>         
>>> You state that syslog is showing correct timestamps. Is that syslogd? Or
>>> where do you see the problem?
>>>
>>>       
>> Problem is only with syslog-ng.   syslogd is working fine.   
>>     
>
> Can you give a more concrete example? Like the timezone you are in, the
> message that gets misinterpreted.
>
> syslog-ng should cope with timezones well. We had a recent related issue
> that it didn't work, but only in the transition window (e.g. for one
> hour until the DST becomes non-DST or vica versa)
>
>
>
>   

I'm in Chicago so US/Central which is -0600 in Winter and -0500 in Summer.

Here's an example of the log:

Mar 22 11:34:34 netlog-e0 su(pam_unix)[4974]: session opened for user 
root by ...
Mar 22 10:38:16 netlog-e0 netlog syslog-ng[20695]: Log statistics ...

Here's the important part of the configuration concerning time:

options {
          use_dns(yes);         # syslog-ng blocks on DNS lookups
          use_fqdn(no);         # fully qualified domain name
          dns_cache(yes);       # syslog-ng internal dns caching
          keep_hostname(no);    # hostname from syslog message
          chain_hostnames(no);  # add resolved host name
          keep_timestamp(no);     # use received time v3
#          use_time_recvd(yes);  # time from syslog message v2
};
# syslog-ng internal messages
source src_internal {
    internal();
};
# increase max number of tcp sources
source src {
        tcp(max-connections(100));
};

Pat.



More information about the syslog-ng mailing list