[syslog-ng] Syslog-ng timestamp problem

Tamas Szklenar tszklenar at cfa.harvard.edu
Fri Jun 3 17:54:04 CEST 2011 

Dear Zoltan,

Thank you for your help!
I totally forget to configure the time zones on our computers. I will 
try one solution soon...

Tamas
> Hi,
>
> general description about timezone in syslog-ng:
> * If no timezone information in the incoming message, syslog-ng will 
> assign the local timezone for the message by default
>  * The default timezone can be overridden using the global 
> recv_time_zone() or source specific time_zone() option
> * If the incoming message contains timezone information, syslog-ng 
> will use it as timezone
>
> Because BSD syslog protocol does not contain timezone information in 
> timestamp by default (example for BSD timestamp: Jan  1 14:45:22), if 
> your client send BDS style messages, syslog-ng will use the local 
> timezone.
> There are two possible solutions:
>  * you can override the default timezone using the above options 
> (time_zone(), recv_time_zone())
>  * you can change the default timestamp type for the sent messages in 
> the clients. To change it use the 'ts_format("iso")' option in every 
> client configuration, after changing, syslog-ng will use an extended 
> timestamp for BSD messages (e.g.: 2011-03-24T15:13:45+01:00).
>
> Also, there is a third solution, you can use syslog protocol (rfc 
> 5424) instead of BSD, in this case you can use syslog() sources on the 
> server, and syslog() destination on the clients, the default timestamp 
> for syslog protocol is ISO date.
>
>
> On 2011-06-02 16:37, Tamas Szklenar wrote:
>> Hi,
>>
>> I configured a syslog-ng server and several clients for testing and it
>> is working great, my only problem is with the timestamp() option.
>> We have a lot of computer in different time zones and I would like to
>> set up the system to keep the messages time stamps.
>> Here is the config for the syslog-ng server:
>>
>> options {
>>           flush_lines(5);
>>           flush_timeout(1000);
>>           time_reopen(10);
>>           log_fifo_size(1000);
>>           long_hostnames(off);
>>           use_dns(yes);
>>           dns_cache_hosts(/etc/hosts);
>>           use_fqdn(no);
>>           create_dirs(yes);
>>           dir_perm(0700);
>>           keep_hostname(yes);
>>           keep_timestamp(yes);
>>           stats_freq(0);
>>           };
>>
>> Is there something else what I have to whit this?
>>
>> Thanks for your help!
>>
>> Tamas
>>
>> ______________________________________________________________________________ 
>>
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: 
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>

More information about the syslog-ng mailing list