[syslog-ng] syslog-ng events in log timestamping wrong

Contreras, Gerald (DPS) Gerald.Contreras at aph.gov.au
Wed Nov 22 01:11:00 UTC 2017


Thank you all for your assistance.

It appears since my email that Splunk may have a part to play with this issue as stopping and starting the forwarder resolves the issue for the most part.

I believe this can probably be cleared as an issue on the syslog-ng side. The same configuration works for the vast majority of other logs coming in via syslog.

Thank you again for all your help.

Kind Regards,

Gerald


From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Scot
Sent: Wednesday, 22 November 2017 5:52 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] syslog-ng events in log timestamping wrong

destination d_file { file("/opt/syslog-ng/logs/$R_YEAR$R_MONTH$R_DAY/$HOST_FROM-$R_HOUR.log");};


On Tue, Nov 21, 2017 at 12:51 AM, Scheidler, Balázs <balazs.scheidler at balabit.com> wrote:
Can you pls show a more concrete sample? I don't understand "are being timestamped at the rotation time".

3.2 is ancient but I am not sure any newer stuff is available on cygwin.


On Nov 21, 2017 00:29, "Contreras, Gerald (DPS)" <Gerald.Contreras at aph.gov.au> wrote:
Hi All,

I am very new to syslog-ng via Cygwin.

I am having trouble with MWG proxy logs where individual events inside the log are being timestamped at the rotation time (timestamping at 00:00-00:01AM).
This happens intermittently so the problem isn't constant. I have verified via packet captures that the timestamp is correct up until syslog-ng begins to handle the event and write it to the log.

My syslog-ng.conf is as follows:

===============================================================
@version: 3.2

@include "scl.conf"

options {
    create_dirs(yes);
    use_dns(yes);
    # file path arguments are strings and must be quoted
    dns_cache_hosts("/etc/hosts");
    dns_cache_expire(3600);
    chain_hostnames(0);
    log_fifo_size(512);
    perm(0644);
    dir_perm(0755);
    time_reopen(10);
    time_reap(360);
    use_fqdn(no);
    keep_hostname(no);
    stats_freq(0);
};

source s_network {
    udp(port("514"));
};

# one file per host and per day; $MONTH/$DAY come from the message timestamp
destination s_files {
    file("/cygdrive/d/syslog/$HOST/$HOST-$MONTH-$DAY.log" create_dirs(yes));
};

log { source(s_network); destination(s_files); };
==============================================================

Thanks. Any help or direction would be much appreciated.



Important Notice: If you have received this email by mistake, please advise the sender and delete the message and attachments immediately. This email, including attachments, may contain confidential, sensitive, legally privileged and/or copyright information. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited.

Please consider the environment before printing this email.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq





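A small checker for the symptom described in this thread (events carrying the 00:00-00:01 rotation-time stamp although they were written after events from later in the day). This is an added example, not code from the thread or from syslog-ng; the log lines are constructed and the BSD syslog header layout ("Mon DD HH:MM:SS host ...") is assumed.

```python
import re
from datetime import datetime

# Constructed sample of one daily file: the third and fourth events carry a
# 00:00:xx stamp although they were written after 14:32 events.
SAMPLE_LOG = """\
Nov 21 14:32:05 mwg01 proxy: GET http://example.invalid/ 200
Nov 21 14:32:06 mwg01 proxy: GET http://example.invalid/a 200
Nov 21 00:00:17 mwg01 proxy: GET http://example.invalid/b 200
Nov 21 00:00:18 mwg01 proxy: GET http://example.invalid/c 200
Nov 21 14:32:09 mwg01 proxy: GET http://example.invalid/d 200
"""

# BSD syslog header; single-digit days are space padded ("Nov  5 ...").
_TS_RE = re.compile(r"^([A-Z][a-z]{2}) {1,2}(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\S+) ")


def parse_ts(line, year=2017):
    """Parse the header timestamp of a BSD syslog line; None if it has none."""
    m = _TS_RE.match(line)
    if not m:
        return None
    mon, day, hh, mm, ss, _host = m.groups()
    return datetime.strptime(f"{mon} {day} {year} {hh}:{mm}:{ss}", "%b %d %Y %H:%M:%S")


def find_rotation_stamped(lines, window_seconds=60):
    """Return indices of lines whose stamp lies within window_seconds after
    midnight while an earlier line in the file already carried a later time.
    Plain out-of-order delivery outside that window is not flagged."""
    suspect = []
    latest = None
    for i, line in enumerate(lines):
        ts = parse_ts(line)
        if ts is None:
            continue
        midnight = ts.replace(hour=0, minute=0, second=0)
        near_midnight = (ts - midnight).total_seconds() < window_seconds
        if near_midnight and latest is not None and ts < latest:
            suspect.append(i)
        elif latest is None or ts > latest:
            latest = ts
    return suspect


if __name__ == "__main__":
    for idx in find_rotation_stamped(SAMPLE_LOG.splitlines()):
        print("rotation-time stamp:", SAMPLE_LOG.splitlines()[idx])
```

Run it over a real daily file to confirm the pattern before blaming the forwarder or syslog-ng; a genuine burst at 00:00 on a file that has not yet seen later timestamps is not flagged.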