[syslog-ng] Multiple timezone seen on messages originating from local machine
Francois Marier
francois at fmarier.org
Mon Aug 15 03:56:42 UTC 2022
I'm trying to understand timezones in syslog-ng, but I think there's
something I'm missing.
If I do the following on my OpenWRT machine:
/etc/init.d/syslog-ng restart
logger TestA
I see the following in /var/log/messages:
Aug 14 20:39:35 hostname syslog-ng[9860]: syslog-ng shutting down; version='3.37.1'
Aug 14 20:39:36 hostname syslog-ng[10024]: syslog-ng starting up; version='3.37.1'
Aug 14 20:39:36 hostname syslog-ng[10024]: Syslog connection established; fd='15', server='AF_INET(192.168.1.10:514)', local='AF_INET(0.0.0.0:0)'
Aug 15 03:39:49 hostname root: TestA
The correct timezone is the one in the first three lines. Other daemon
messages are displayed using the incorrect timezone like `logger`.
I've attached my syslog-ng.conf file.
So my question is why is the time information correct in the first three
messages and then incorrect from there on?
Francois
--
https://fmarier.org/
-------------- next part --------------
#############################################################################
# OpenWrt syslog-ng.conf specific file
# which collects all local logs into a single file called /var/log/messages.
# More details about these settings can be found here:
# https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition
@version: 3.37
@include "scl.conf"
options {
chain_hostnames(no); # Enable or disable the chained hostname format.
create_dirs(yes);
keep_hostname(yes); # Enable or disable hostname rewriting.
log_fifo_size(256); # The number of messages that the output queue can store.
log_msg_size(1024); # Maximum length of a message in bytes.
stats_freq(0); # The period between two STATS messages (sent by syslog-ng, containing statistics about dropped logs) in seconds.
flush_lines(0); # How many lines are flushed to a destination at a time.
use_fqdn(no); # Add Fully Qualified Domain Name instead of short hostname.
};
# syslog-ng gets messages from syslog-ng (internal) and from /dev/log
source src {
internal();
unix-dgram("/dev/log");
};
source net {
network_localhost();
};
source s_network {
default-network-drivers(
# NOTE: TLS support
#
# the default-network-drivers() source driver opens the TLS
# enabled ports as well, however without an actual key/cert
# pair they will not operate and syslog-ng would display a
# warning at startup.
#
#tls(key-file("/path/to/ssl-private-key") cert-file("/path/to/ssl-cert"))
);
};
source kernel {
file("/proc/kmsg" program_override("kernel"));
};
destination messages {
file("/var/log/messages");
};
log {
source(src);
source(net);
source(kernel);
destination(messages);
# uncomment this line to open port 514 to receive messages
#source(s_network);
};
#
# Finally, include any user settings last so that s/he can override or
# supplement all "canned" settings inherited from the distribution.
#
@include "/etc/syslog-ng.d/" # Put any customization files in this directory
More information about the syslog-ng
mailing list