[syslog-ng] Convert UTC to local time zone using syslog-ng

[Balazs Scheidler]

On Sun, 2011-03-27 at 00:47 +0530, Pramod Pillai wrote:
> Hi Robert
> 
> Is there any way to set the timezone on the fly.
> Since the syslog-ng server can be installed in multiple locations(
> around the globe) , I can't hard code it to a specific timezone.

In order to set up proper timezone conversions, syslog-ng needs to know
2 things:

 1) the timezone received messages are coming from
 2) the timezone you want the messages to be converted to

If either of these two is invalid, you get bogus results. The source
timezone for source messages might be specified by the sender (syslog-ng
can do this if ISO timestamps are being used, but legacy syslogds
cannot) If your incoming messages lack timezone information, you can
still specify that for your source driver:

source xxx { udp(time_zone("UTC")); };

This will assign UTC to all messages that lack the timezone information
(and will not touch those which do have).

Next step, is that you can specify the timezone for each of your
destinations:

destination ddd { file("/var/log/messages" time_zone("Europe/Budapest")); };

Without the destination part, syslog-ng will keep the timezone as it 
originally was (without conversion). If you choose to do this, it'd possibly
make sense to add the identified timezone to the files using $ISODATE, or by setting
ts_format("iso").

-- 
Bazsi