[syslog-ng] TimeStamps

Scheidler, Balázs balazs.scheidler at balabit.com
Thu Dec 8 06:00:39 UTC 2016


Keep-timestamp only affects the time and not the formatting.

Syslog-ng can format your timestamp in a number of ways. Your example seems
to indicate that you are using the syslog() destination, which uses rfc5424
formatting, whereas you might want the tcp() driver, which uses the legacy
rfc3164.

The latter uses the format you want, although that does not include year
information.

On Dec 7, 2016 22:49, "David Campeau" <David.Campeau at tn.gov> wrote:

> Hello,
>
> Using a syslog-ng server to filter syslogs before forwarding.  I’m being
> asked to not change the timestamp in the syslog message. I’ve tried the
> “keep-timestamp(yes);” option in the syslog-ng.conf, but there’s no change
> in the timestamp.  There must be an option I’m missing?
>
> Example of the change:
>
> Dec 07 15:08:57   <<<< Not filtered by syslog-ng
>
> 1 2016-12-07T15:07:32-06:00   <<< Filtering currently with syslog-ng
>
> Thank you for looking
>
> Best Regards,
>
> David
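
The two header formats named in this thread, as an added example that is not part of the original messages: a Python sketch that classifies a line as RFC 5424 or RFC 3164 and shows which timestamp fields the legacy form cannot carry. The sample lines (built around the two timestamps quoted above), the host name and all function names are constructed for illustration.

```python
import re
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# RFC 5424 header: optional <PRI>, version "1", then an RFC 3339 timestamp
# that carries the year and a UTC offset.
RFC5424 = re.compile(
    r"^(?:<\d{1,3}>)?1 "
    r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2})) ")
# RFC 3164 (BSD) header: optional <PRI>, then "Mmm dd hh:mm:ss".
# The day may be space-padded or zero-padded; there is no year and no offset.
RFC3164 = re.compile(r"^(?:<\d{1,3}>)?([A-Z][a-z]{2}) ([ \d]\d) (\d{2}:\d{2}:\d{2}) ")

def classify(line):
    """Return (format, timestamp_text) for a syslog line, or ("unknown", None)."""
    m = RFC5424.match(line)
    if m:
        return "rfc5424", m.group(1)
    m = RFC3164.match(line)
    if m:
        return "rfc3164", " ".join(m.groups())
    return "unknown", None

def to_bsd(ts5424):
    """Render an RFC 5424 timestamp as the RFC 3164 header would show it.

    Only the wall-clock part survives; fraction, offset and year are dropped.
    """
    dt = datetime.strptime(ts5424[:19], "%Y-%m-%dT%H:%M:%S")
    return f"{MONTHS[dt.month - 1]} {dt.day:2d} {dt:%H:%M:%S}"

def dropped(ts5424):
    """Fields in the RFC 5424 timestamp that the RFC 3164 form cannot carry."""
    offset = ts5424[19:].lstrip(".0123456789") or None
    return {"year": ts5424[:4], "offset": offset}

# Constructed sample lines using the two timestamp shapes quoted in the thread.
SAMPLES = [
    "<134>Dec 07 15:08:57 fw01 app: session opened",
    "<134>1 2016-12-07T15:07:32-06:00 fw01 app - - - session opened",
]

if __name__ == "__main__":
    for line in SAMPLES:
        fmt, ts = classify(line)
        print(fmt, repr(ts))
        if fmt == "rfc5424":
            print("  as rfc3164:", repr(to_bsd(ts)), "dropped:", dropped(ts))
```

Because the legacy header has neither year nor offset, a collector that stores RFC 3164 lines has to supply both from its own clock and configuration when events are later correlated.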