[syslog-ng] Syslog destination time/folder issues

Marco Mignone info at marcomignone.com
Tue Nov 22 11:30:44 UTC 2016


Hi All,
I am experiencing a weird problem with Syslog-NG 3.8.1 on Ubuntu 14.04.

When syslog receives syslog messages from a couple of specific nodes, it saves them in a destination folder as per the config below:

source s_rohnet {
  network(
    transport("udp")
  );
};

destination d_rohnet_switches {
  file("/var/log/ROHNetwork/${YEAR}.${WEEK}/${HOST}.log" create-dirs(yes) dir-owner("rohadmin"));
};


The devices are NTP synchronised and the date output is correct on the Ubuntu server:

>date

Tue Nov 22 11:21:14 GMT 2016

Besides this, the log folders created where the files get stored are: /2015.51/192.168.33.8.log (it should be /2016.47/).

This is happening only for two nodes, while all the rest seem to work fine.

I have captured some network traffic, and the message received by syslog-ng on the network card also seems correct as per the Wireshark output:

Syslog message: LOCAL6.NOTICE:  NOV 22 10:31:23 192.168.33.8-1 CMDLOGGER[165319912]: cmd_logger_api.c(83) 13518 %% CLI:192.168.32.100:root:User  logged in

This is a Dell switch and I am opening a case with them but I would like to know where else I should check for configuration errors.

Syslog config is exactly the one reported above.

Any idea of what I could check for further troubleshooting on the Syslog side? 

Thanks,
Marco
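
One check on the syslog-ng side, as an added example that is not part of the original post: unprefixed date macros such as ${YEAR} and ${WEEK} are filled from the timestamp syslog-ng parsed out of the message (the S_ variants), while the R_ variants use the time the message was received, so logging both for each host shows whether the two nodes' timestamps are being parsed differently. The destination names d_rohnet_tsdebug and d_rohnet_switches_rtime, the debug file path and the log statement are assumptions; the post does not show its log path.

```conf
# Added diagnostic example, not the poster's configuration.

# 1) Record the parsed (S_) and received (R_) time side by side for every host.
#    d_rohnet_tsdebug and its file path are hypothetical names.
destination d_rohnet_tsdebug {
  file("/var/log/ROHNetwork/timestamp-debug.log"
    template("host=${HOST} sent=${S_ISODATE} sent_dir=${S_YEAR}.${S_WEEK} received=${R_ISODATE} received_dir=${R_YEAR}.${R_WEEK} msg=${MSGHDR}${MSG}\n")
  );
};

# 2) Same destination as in the post, but with the directory name built from
#    the receive time, so it does not depend on what the device put in its header.
#    d_rohnet_switches_rtime is a hypothetical name.
destination d_rohnet_switches_rtime {
  file("/var/log/ROHNetwork/${R_YEAR}.${R_WEEK}/${HOST}.log" create-dirs(yes) dir-owner("rohadmin"));
};

# Assumed log path: s_rohnet is the source defined in the post.
log {
  source(s_rohnet);
  destination(d_rohnet_tsdebug);
  destination(d_rohnet_switches_rtime);
};

# Alternative: keep the original ${YEAR}.${WEEK} destination and tell the
# source to ignore the timestamp carried in the message:
#
# source s_rohnet {
#   network(
#     transport("udp")
#     keep-timestamp(no)
#   );
# };
```

If sent_dir and received_dir differ only for the two affected hosts, the difference comes from how their message header is parsed rather than from the server clock.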