[syslog-ng] Timestamp format

Balazs Scheidler bazsi77 at gmail.com
Fri Mar 28 21:45:21 CET 2014


This seems like ab rfc5424 style message, eg the syslog driver. There the
format of the timestamp is defined by the rfc and cannot be overridden.

If you want to customize the format on the network you should be using the
network() driver (used to be called tcp() in older versions) there you can
override the message format with the template () parameter.

ts_format() only controls formatting of file destinations in case a
template is not present or when you explicitly use the $STAMP macro.
On Mar 27, 2014 6:46 PM, "Ou, Jimmy" <Jimmy.Ou at viasat.com> wrote:

>  Hello,
>
>
>
> I am having trouble using the timestamp formatter.
>
> The document says I can use ts_format() as rfc3164, bsd, rfc3339, or iso.
>
>
>
> I've tried multiple values and have gotten the same result.
>
> I've tried putting the ts_format(rfc3339) in the global options and in the
> destination's syslog() and have gotten the same result.
>
>
>
> My test logs show the following no matter what ts_format I set:
>
> <113>1 2014-11-25T11:00:00+00:00 10.1.1.1 RedBox -
>
>
>
> I want it to look like the following:
>
> <113>1 2014-11-25T11:00:00.000Z 10.1.1.1 RedBox -
>
>
>
> Am I missing something?
>
>
>
>
>
> Thanks,
>
> Jimmy Ou
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20140328/f356efc0/attachment.htm 


More information about the syslog-ng mailing list