[rsyslog] Sending time in remote syslog - test

Rainer Gerhards rgerhards at hq.adiscon.com
Tue Mar 2 10:03:20 CET 2010 

you can use 

$template raw,"%rawmsg%\n"

to see exactly what the remote box sends. If I recall correctly, sysklogd
sends timestamps, but I may be wrong

Rainer

> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> bounces at lists.adiscon.com] On Behalf Of lanas
> Sent: Tuesday, March 02, 2010 2:44 AM
> To: rsyslog at lists.adiscon.com
> Subject: [rsyslog] Sending time in remote syslog - test
> 
> Hello,
> 
>   I did a test using %timereported% in a rsyslog running on a server,
> to see if the time of a syslog msg sent from a unit was shown using
> the local time of the unit and not the time it was received.
> 
>   To easily see the difference I out the time 2 hours back on the
> unit.  The unit is running syslogd.  That is, the original syslogd,
> not the ng.
> 
>   The unit running ran syslogd with the following in its
> configuration:
> 
> *.*     @10.200.19.162
> 
>   The logger utility was used to create log msgs locally on the unit.
> These log msgs are then sent to rsyslog on the remote server.
> 
>   The workstation was running rsyslog with either:
> 
> #$template precise,"%timereported% from: %HOSTNAME%
> %syslogtag%:%msg%\n"
> $template precise,"%TIMESTAMP% from: %HOSTNAME% %syslogtag%:%msg%\n"
> 
>   And tests were done with the following commented or not:
> 
> $ActionFileDefaultTemplate precise
> 
>   (I am not sure if the 'precise' template definition must be used
> with $ActionFileDefaultTemplate to take effect)
> 
>   The following was then found on the unit after executing the logger
> utility:
> 
> Feb 27 10:55:34 localhost syslogd 1.4.1#18RR6: restart.
> Feb 27 10:55:35 localhost kernel: klogd 1.4.1#18RR6, log source =
>                 /proc/kmsg started.
> Feb 27 10:55:44 localhost root: TEST7
> 
>   And these messages were received by rsyslog (after restarting
> rsyslog to have its version info included here) :
> 
> Feb 27 12:52:32 from: localhost rsyslogd:: [origin software="rsyslogd"
>     swVersion="3.22.1" x-pid="6909" x-info="http://www.rsyslog.com"]
>     (re)start
> Feb 27 12:54:38 from: syslogd 1.4.1#18RR6:: restart.
> Feb 27 12:54:39 from: brouter kernel:: klogd 1.4.1#18RR6, log source =
>                 /proc/kmsg started.
> Feb 27 12:54:48 from: brouter root:: TEST7
> 
>   The TEST7 msg did now show the unit's time.
> 
>   Now, I installed rsyslog at the unit as a drop-in syslog replacement
> w/o any configuration change and when rsyslog is used, the local unit
> time is received and shown by the server.
> 
>   Can we presume that syslogd first generation does not send the time
> to a remote syslogging facility ?
> 
> Regards,
> 
> Al
> 
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com

More information about the rsyslog mailing list