[syslog-ng] ts_format(iso) bug or misunderstanding?

Chris Hiestand chiestand at salk.edu
Fri Apr 6 03:31:54 CEST 2012


So I'm using iso timezone format for my syslog clients: options { … ts_format(iso); … };

I expected this to use the iso format for all syslog entries. However, I've found that it only uses
iso format for local syslog entries. Syslog entries sent to the syslog-ng collector are in the old rfc3164
format.

> chiestand at host:~$ logger -t my-test asdlfkjasdfasdf



which sends (3 local entries, 1 remote entry):
> sudo strace -ff -p 13658
> ...
> write(10, "2012-04-05T18:14:37-07:00 host "..., 64) = 64
> write(11, "2012-04-05T18:14:37-07:00 host "..., 64) = 64
> write(9, "<13>Apr  5 18:25:09 host my-test"..., 58) = 58
> write(14, "2012-04-05T18:14:37-07:00 host "..., 64) = 64

or viewing with tcpdump:
> chiestand at host:/var/log$ sudo tcpdump -A host syslog.server.salk.edu
>> .va<13>Apr  5 18:20:31 host my-test: asdlfkjasdfasdf

I would expect the iso format to be sent to the syslog-ng collector as well. Is this a bug or expected
behavior? I checked Bugzilla and the Debian bug tracker and didn't see anything.

I'm running syslog-ng v3.1 on Debian squeeze.

Thanks,
Chris
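
Added example, not part of the original post and not syslog-ng code: a collector-side check that tells the two header formats seen above apart and flags the RFC 3164 one, which carries neither a year nor a UTC offset and so cannot be placed on a timeline without outside knowledge. The names parse_header and assumed_year are hypothetical, and the ISO sample line is constructed, since the strace output in the post is truncated.

```python
import re
from datetime import datetime

MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
PRI = r"(?:<(?P<pri>\d{1,3})>)?"
# ISO 8601 with a numeric UTC offset, the form seen in the local writes.
ISO = re.compile(
    PRI + r"(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d[+-]\d\d:\d\d) (?P<rest>.*)", re.S)
# RFC 3164: "Mmm dd hh:mm:ss", day space-padded, no year and no UTC offset.
BSD = re.compile(
    PRI + r"(?P<ts>(?:%s) [ \d]\d \d\d:\d\d:\d\d) (?P<rest>.*)" % "|".join(MONTHS),
    re.S)


def parse_header(line, assumed_year):
    """Return header fields, or None if neither timestamp format matches."""
    m = ISO.match(line)
    if m:
        fmt, ts = "iso", datetime.fromisoformat(m["ts"])
    else:
        m = BSD.match(line)
        if not m:
            return None
        mon, day, hms = m["ts"].split()
        hh, mm, ss = (int(x) for x in hms.split(":"))
        # The year is not in the message; the caller has to supply it (assumption).
        fmt = "rfc3164"
        ts = datetime(assumed_year, MONTHS.index(mon) + 1, int(day), hh, mm, ss)
    pri = int(m["pri"]) if m["pri"] else None
    return {
        "format": fmt,
        "time": ts,
        "ambiguous": ts.tzinfo is None,  # no offset: local time of unknown zone
        "facility": None if pri is None else pri >> 3,
        "severity": None if pri is None else pri & 7,
        "rest": m["rest"],
    }


# Constructed samples modelled on the tcpdump and strace output in the post.
WIRE = "<13>Apr  5 18:20:31 host my-test: asdlfkjasdfasdf"
LOCAL = "2012-04-05T18:14:37-07:00 host my-test: asdlfkjasdfasdf"

if __name__ == "__main__":
    for sample in (WIRE, LOCAL):
        print(parse_header(sample, assumed_year=2012))
```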