[syslog-ng] syslog-ng events in log timestamping wrong

Tue Nov 21 18:51:55 UTC 2017

destination d_file {
file("/opt/syslog-ng/logs/$R_YEAR$R_MONTH$R_DAY/$HOST_FROM-$R_HOUR.log");};

On Tue, Nov 21, 2017 at 12:51 AM, Scheidler, Balázs <
balazs.scheidler at balabit.com> wrote:

> Can you pls show a more concrete sample? I dont understand "are being
> timestamped at the rotation time".
>
> 3.2 is ancient but I am not sure any newer stuff is available on cygwin.
>
>
> On Nov 21, 2017 00:29, "Contreras, Gerald (DPS)" <
> Gerald.Contreras at aph.gov.au> wrote:
>
> Hi All,
>
> I am very new to syslog-ng via Cygwin.
>
> I am having trouble with MWG proxy logs where individual events inside the
> log are being timestamped at the rotation time (timestamping at
> 00:00-00:01AM).
> This happens intermittently so the problem isn't constant. I have verified
> via packet captures that the timestamp is correct up until syslog-ng begins
> to handle the event and write it to the log.
>
> My syslog-ng.conf is as follows
>
> ===============================================================
> @version: 3.2
>
> @include "scl.conf"
>
>
> options {
>
>     create_dirs(yes);
>
>     use_dns(yes);
>
>     dns_cache_hosts(/etc/hosts);
>
>     dns_cache_expire(3600);
>
>     chain_hostnames(0);
>
>     log_fifo_size(512);
>
>     perm(0644);
>
>     dir_perm(0755);
>
>     time_reopen(10);
>
>     time_reap(360);
>
>     use_fqdn(no);
>
>     keep_hostname(no);
>
>     stats_freq(0);
>
> };
>
>
> source s_network {
>
>     udp(port("514"));
>
> };
>
>
> destination s_files {
>
>     file("/cygdrive/d/syslog/$HOST/$HOST-$MONTH-$DAY.log"
> create_dirs(yes));
>
> };
>
> log { source(s_network); destination(s_files); };
> ==============================================================
>
> Thanks. Any help or direction would be much appreciated
>
>
>
> Important Notice: If you have received this email by mistake, please
> advise the sender and delete the message and attachments immediately. This
> email, including attachments, may contain confidential, sensitive, legally
> privileged and/or copyright information. Any review, retransmission,
> dissemination or other use of this information by persons or entities other
> than the intended recipient is prohibited.
>
> Please consider the environment before printing this email.
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=
> syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20171121/e200382b/attachment.html>