On Wed, 1 Feb 2012, Michael Maymann wrote:
on my syslog client i have the following time:
# date && logger testing123
Wed Feb 1 14:42:02 CET 2012
what get in my syslog server logs:
2012-02-01T14:42:02+02:00 <HOSTNAME> root: testing123
Time on my syslog server:
date
Wed Feb 1 15:42:02 EET 2012
according to http://www.timezoneconverter.com/cgi-bin/tzc.tzc and my
calculations it should have been either:
2012-02-01T14:42:02+01:00 <HOSTNAME> root: testing123 (if keeping client
timestamp)
or
2012-02-01T15:42:02+02:00 <HOSTNAME> root: testing123 (if keeping server
timestamp)
or
2012-02-01T13:42:02+00:00 <HOSTNAME> root: testing123 (if keeping UTC
timestamp)
I would prefer client timestamp... Is this a bug or have I completely
misunderstood something... ?
How do I change to correct client timestamp ?
timereported is the time that the client put in the log (with whatever
precision and timezone that the client reported it in)
timegenerated is the timestamp that the server received the log (high
precision timestamp in the server's timezone)
$now is the time the log is being written
check and see what the clients are sending (writing a log from a
particular client using the format RSYSLOG_DEBUG is a wonderful
troubleshooting tool)
by default, the syslog format tries to keep the timestamp the client
provides.
I'm a huge proponent of running all production systems in GMT/UTC it
avoids a huge number of issues along the way.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
