[syslog-ng] TimeStamps

David Campeau David.Campeau at tn.gov
Thu Dec 8 14:54:07 UTC 2016


Thank you for the suggestion, as it fixed the issue.

Really appreciate the help.

Best Regards.


From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Scheidler, Balázs
Sent: Thursday, December 08, 2016 12:01 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] TimeStamps


Keep-timestamp only affects the time and not the formatting.

Syslog-ng can format your timestamp in a number of ways, your example seems to indicate that you are using the syslog() destination, which uses rfc5424 formatting, whereas you might want the tcp() driver, which uses the legacy rfc3164.

The latter uses the format you want, although that does not include year information.

On Dec 7, 2016 22:49, "David Campeau" <David.Campeau at tn.gov> wrote:
Hello,

Using a syslog-ng server to filter syslogs before forwarding.  I’m being asked to not change the timestamp in the syslog message. I’ve tried the “keep-timestamp(yes);” option in the syslog-ng.conf, but there’s no change in the timestamp.  There must be an option I’m missing?

Example of the change:

Dec 07 15:08:57   <<<< Not filtered by syslog-ng

1 2016-12-07T15:07:32-06:00   <<< Filtering currently with syslog-ng



Thank you for looking

Best Regards,

David
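
For collectors downstream of such a relay, the following is an added example (not part of the original thread or of syslog-ng) that parses both timestamp formats quoted above into timezone-aware datetimes. Because the legacy RFC 3164 format carries neither a year nor a UTC offset, the reference time `now` and the zone `assumed_tz` are assumptions the caller supplies; the function name and sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
PRI = r"^(?:<\d{1,3}>)?"  # optional <PRI> prefix
# RFC 5424: VERSION, then ISO 8601 with optional fraction and mandatory offset
RFC5424 = re.compile(
    PRI + r"\d{1,2} (\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d{1,6}))?(Z|[+-]\d\d:\d\d)")
# RFC 3164: "Mmm dd hh:mm:ss", day may be space- or zero-padded, no year, no offset
RFC3164 = re.compile(PRI + r"([A-Z][a-z]{2})\s+(\d{1,2}) (\d\d):(\d\d):(\d\d)")


def parse_syslog_timestamp(line, now, assumed_tz):
    """Return (format, aware datetime) for the timestamp that starts `line`.

    `now` (aware) and `assumed_tz` are caller-supplied assumptions used only
    for the legacy format, which carries neither a year nor a UTC offset.
    """
    m = RFC5424.match(line)
    if m:
        base, frac, offset = m.groups()
        frac = "." + frac.ljust(6, "0") if frac else ""
        offset = "+00:00" if offset == "Z" else offset
        return "rfc5424", datetime.fromisoformat(base + frac + offset)
    m = RFC3164.match(line)
    if m and m.group(1) in MONTHS:
        month, day = MONTHS[m.group(1)], int(m.group(2))
        hh, mm, ss = (int(g) for g in m.group(3, 4, 5))
        # Try the current year first; fall back one year when that would put
        # the event in the future (a December line read in January).
        for year in (now.year, now.year - 1):
            try:
                ts = datetime(year, month, day, hh, mm, ss, tzinfo=assumed_tz)
            except ValueError:  # e.g. Feb 29 outside a leap year
                continue
            if ts - now <= timedelta(days=1):
                return "rfc3164", ts
    raise ValueError("no recognisable syslog timestamp: %r" % line[:40])


if __name__ == "__main__":
    cst = timezone(timedelta(hours=-6))
    now = datetime(2016, 12, 8, 14, 54, 7, tzinfo=timezone.utc)
    # Constructed sample lines using the two timestamps quoted in the thread
    for line in ("<13>Dec 07 15:08:57 fw01 app: constructed message",
                 "<13>1 2016-12-07T15:07:32-06:00 fw01 app - - - constructed message"):
        print(parse_syslog_timestamp(line, now, cst))
```

Normalising both forms to one aware datetime keeps event ordering intact when some sources arrive through a relay that re-emits RFC 5424 and others arrive in the legacy format.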

