Hi,We had an issue back in December where our central rsyslog was not available with result /var/lib/rsyslog on our satellite rsyslog servers getting to 100%. We moved the spool files to another directory in order to resubmit them at later stage.
Few days ago we decided to re-transmit those logs by moving the spool files back to /var/lib/rsyslog and start rsyslog so they could be processed and sent to our central rsyslog server.
We noticed that the logs indeed ended up on the central rsyslog server with correct day and month but with wrong year. Meaning, original date on the logs was *2022*-12-16 but arrived on the central rsyslog server with *2023*-12-16:
2023-01-24 06:36:24PST [ root@syslog1:/var/log/] # zgrep SPOOL_TEST secure-20230124.gz2023-12-16T10:04:56-08:00 backend201 su: pam_unix(su:session): session closed for user nobody SPOOL_TEST 2023-12-16T07:59:03-08:00 frontend130 sudo: pam_unix(sudo:session): session closed for user root SPOOL_TEST
Anyone has seen this problem before? Is this a bug? Best regards, Ricardo Esteves.
OpenPGP_0x9DCA12A350F395E0.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
