[syslog-ng] syslog-ng 3.0.4 not adjusting for daylight savings time
Balazs Scheidler
bazsi at balabit.hu
Mon Mar 22 20:00:48 CET 2010
On Mon, 2010-03-22 at 12:01 -0500, Patrick A. Green wrote:
>
> Balazs Scheidler wrote:
> > On Thu, 2010-03-18 at 09:19 -0500, Chris Fabri wrote:
> >
> >> On Thu, Mar 18, 2010 at 4:53 AM, Balazs Scheidler <bazsi at balabit.hu> wrote:
> >>
> >>> On Wed, 2010-03-17 at 09:44 -0500, Chris Fabri wrote:
> >>>
> >>>> I have a Red Hat 3 system running 3.0.4. It did not successfully
> >>>> adjust for daylight savings time. Everything else on the system is
> >>>> fine - syslog is showing the correct time stamps, the system reports
> >>>> the correct time. Restart of syslog-ng, and shutting down both
> >>>> syslog and syslog-ng did not help. I didn't see anything in the lists
> >>>> addressing this, here are details of my syslog-ng:
> >>>>
> >>>> [fabric at netlog dhcp]$ sudo /usr/local/sbin/syslog-ng -V
> >>>> syslog-ng 3.0.4
> >>>> Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#1b5d618e301ad94aa20e692ffba16469dece8d10
> >>>> Compile-Date: Aug 24 2009 16:54:31
> >>>> Enable-Threads: off
> >>>> Enable-Debug: off
> >>>> Enable-GProf: off
> >>>> Enable-Memtrace: off
> >>>> Enable-Sun-STREAMS: off
> >>>> Enable-Sun-Door: off
> >>>> Enable-IPv6: on
> >>>> Enable-Spoof-Source: off
> >>>> Enable-TCP-Wrapper: on
> >>>> Enable-SSL: off
> >>>> Enable-SQL: off
> >>>> Enable-Linux-Caps: on
> >>>> Enable-Pcre: off
> >>>>
> >>>>
> >>>> I didn't see anything in the man page for adjusting for time. I have
> >>>> keep_timestamp(no) configured in my conf file. The systems sending
> >>>> the syslog files time is correctly adjusted for daylight savings. Is
> >>>> this a bug in this particular version, or am I just missing the right
> >>>> flag or something? chris
> >>>>
> >>> You state that syslog is showing correct timestamps. Is that syslogd? Or
> >>> where do you see the problem?
> >>>
> >>>
> >> Problem is only with syslog-ng. syslogd is working fine.
> >>
> >
> > Can you give a more concrete example? Like the timezone you are in, the
> > message that gets misinterpreted.
> >
> > syslog-ng should cope with timezones well. We had a recent related issue
> > that it didn't work, but only in the transition window (e.g. for one
> > hour until the DST becomes non-DST or vice versa).
> >
> >
> >
> >
>
> I'm in Chicago so US/Central which is -0600 in Winter and -0500 in Summer.
>
> Here's an example of the log:
>
> Mar 22 11:34:34 netlog-e0 su(pam_unix)[4974]: session opened for user
> root by ...
> Mar 22 10:38:16 netlog-e0 netlog syslog-ng[20695]: Log statistics ...
>
> Here's the important part of the configuration concerning time:
And which is the expected time? 11:34 or 10:38?
>
> options {
>     use_dns(yes);            # syslog-ng blocks on DNS lookups
>     use_fqdn(no);            # fully qualified domain name
>     dns_cache(yes);          # syslog-ng internal dns caching
>     keep_hostname(no);       # hostname from syslog message
>     chain_hostnames(no);     # add resolved host name
>     keep_timestamp(no);      # use received time v3
>     # use_time_recvd(yes);   # time from syslog message v2
> };
> # syslog-ng internal messages
> source src_internal {
>     internal();
> };
> # increase max number of tcp sources
> source src {
>     tcp(max-connections(100));
> };
--
Bazsi