[syslog-ng] Handling multiple timezones
Chris Hiestand
chiestand at salk.edu
Fri Apr 6 00:03:13 CEST 2012
After some googling and reading the admin guide, I think what I want to do is not possible. But I'd like confirmation.
My syslog-ng server gets syslog messages from clients with two timezones: UTC and US/Pacific. But the UTC clients (ESXi servers) cannot specify the UTC timezone, so the collector incorrectly assumes the timestamps are local (US/Pacific). I'd really like to convert the UTC timezone to US/Pacific so my entire output is in US/Pacific. But the only place I can specify a source timezone is in the source section - however both client groups send syslogs to the same source so I cannot do that.
So potential workarounds are:
A. Set all the clients to output in the UTC timezone so that I can set UTC in the common source and then convert to US/Pacific as the default output timezone.
B. Setup another IP address to collect syslogs, and set the different timezone on that source (and configure all of those timezones clients to syslog to a different IP). This means you need N IP addresses to collect N different timezones.
Is it considered "Best Practice" to have all clients send syslogs in UTC timezone to avoid this complication?
Any help is appreciated. Thanks,
Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2322 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20120405/ed845515/attachment.bin
More information about the syslog-ng
mailing list