[syslog-ng] syslog-ng events in log timestamping wrong

Scheidler, Balázs balazs.scheidler at balabit.com
Tue Nov 21 05:51:23 UTC 2017 

Can you pls show a more concrete sample? I dont understand "are being
timestamped at the rotation time".

3.2 is ancient but I am not sure any newer stuff is available on cygwin.

On Nov 21, 2017 00:29, "Contreras, Gerald (DPS)" <
Gerald.Contreras at aph.gov.au> wrote:

Hi All,

I am very new to syslog-ng via Cygwin.

I am having trouble with MWG proxy logs where individual events inside the
log are being timestamped at the rotation time (timestamping at
00:00-00:01AM).
This happens intermittently so the problem isn't constant. I have verified
via packet captures that the timestamp is correct up until syslog-ng begins
to handle the event and write it to the log.

My syslog-ng.conf is as follows

===============================================================
@version: 3.2

@include "scl.conf"


options {

    create_dirs(yes);

    use_dns(yes);

    dns_cache_hosts(/etc/hosts);

    dns_cache_expire(3600);

    chain_hostnames(0);

    log_fifo_size(512);

    perm(0644);

    dir_perm(0755);

    time_reopen(10);

    time_reap(360);

    use_fqdn(no);

    keep_hostname(no);

    stats_freq(0);

};


source s_network {

    udp(port("514"));

};


destination s_files {

    file("/cygdrive/d/syslog/$HOST/$HOST-$MONTH-$DAY.log" create_dirs(yes));

};

log { source(s_network); destination(s_files); };
==============================================================

Thanks. Any help or direction would be much appreciated



Important Notice: If you have received this email by mistake, please advise
the sender and delete the message and attachments immediately. This email,
including attachments, may contain confidential, sensitive, legally
privileged and/or copyright information. Any review, retransmission,
dissemination or other use of this information by persons or entities other
than the intended recipient is prohibited.

Please consider the environment before printing this email.
____________________________________________________________
__________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?
product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20171121/59e6e03e/attachment.html>

More information about the syslog-ng mailing list