[rsyslog-notify] Forum Thread: Rsyslog TimeStamp changed when sent to remote host - (Mode 'post')
noreply at adiscon.com
Mon Jun 13 18:35:55 CEST 2016
User: louisthomas
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26584#p26584
Message:
----------
Using a CentOS virtual machine in an OpenStack cloud environment.
Rsyslog version is 5.8.10
Everything works as expected, BUT when the log messages are forwarded to a
remote host the original time stamp reverts back to the low precision
format (like RSYSLOG_TraditionalFileFormat).
We need to display the high precision timestamps.
Any help is appreciated.
Below, the /var/log/messages has the expected date
tail -f /var/log/messages
2016-06-10T20:03:58.105863+00:00 epenum-proxy rsyslogd: [origin
software="rsyslogd" swVersion="5.8.10" x-pid="71822"
x-info="http://www.rsyslog.com"] exiting on signal 15.
2016-06-10T20:03:58.219586+00:00 epenum-proxy rsyslogd: [origin
software="rsyslogd" swVersion="5.8.10" x-pid="72074"
x-info="http://www.rsyslog.com"] start
But the tcpdump shows that the remote host is receiving the low precision
date....
tcpdump -nnvvXSs 1514 -i eth0 "dst host 135.25.246.43 and udp dst port 1514"
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1514
bytes
20:03:58.106288 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP
(17), length 186)
135.25.69.56.55377 > 135.25.246.43.1514: [bad udp cksum c608!] UDP,
length 158
0x0000: 4500 00ba 0000 4000 4011 f09c 8719 4538 E.....@.@.....E8
0x0010: 8719 f62b d851 05ea 00a6 4a4e 3c34 363e ...+.Q....JN<46>
0x0020: 4a75 6e20 3130 2032 303a 3033 3a35 3820 Jun.10.20:03:58.
0x0030: 6570 656e 756d 2d70 726f 7879 2072 7379 epenum-proxy.rsy
0x0040: 736c 6f67 643a 205b 6f72 6967 696e 2073 slogd:.[origin.s
0x0050: 6f66 7477 6172 653d 2272 7379 736c 6f67 oftware="rsyslog
0x0060: 6422 2073 7756 6572 7369 6f6e 3d22 352e d".swVersion="5.
0x0070: 382e 3130 2220 782d 7069 643d 2237 3138 8.10".x-pid="718
0x0080: 3232 2220 782d 696e 666f 3d22 6874 7470 22".x-info="http
0x0090: 3a2f 2f77 7777 2e72 7379 736c 6f67 2e63 ://www.rsyslog.c
0x00a0: 6f6d 225d 2065 7869 7469 6e67 206f 6e20 om"].exiting.on.
0x00b0: 7369 676e 616c 2031 352e signal.15.
20:03:58.220971 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP
(17), length 170)
135.25.69.56.55545 > 135.25.246.43.1514: [bad udp cksum dd96!] UDP,
length 142
0x0000: 4500 00aa 0000 4000 4011 f0ac 8719 4538 E.....@.@.....E8
0x0010: 8719 f62b d8f9 05ea 0096 4a3e 3c34 363e ...+......J><46>
0x0020: 4a75 6e20 3130 2032 303a 3033 3a35 3820 Jun.10.20:03:58.
0x0030: 6570 656e 756d 2d70 726f 7879 2072 7379 epenum-proxy.rsy
0x0040: 736c 6f67 643a 205b 6f72 6967 696e 2073 slogd:.[origin.s
0x0050: 6f66 7477 6172 653d 2272 7379 736c 6f67 oftware="rsyslog
0x0060: 6422 2073 7756 6572 7369 6f6e 3d22 352e d".swVersion="5.
0x0070: 382e 3130 2220 782d 7069 643d 2237 3230 8.10".x-pid="720
0x0080: 3734 2220 782d 696e 666f 3d22 6874 7470 74".x-info="http
0x0090: 3a2f 2f77 7777 2e72 7379 736c 6f67 2e63 ://www.rsyslog.c
0x00a0: 6f6d 225d 2073 7461 7274 om"].start
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
[root@epenum-proxy ~]#
This is the very simple rsyslog.conf:
[root@epenum-proxy etc]# cat /etc/rsyslog.conf
# rsyslog v5.8.10 configuration file
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 1514
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$ActionFileDefaultTemplate RSYSLOG_ForwardFormat
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save boot messages also to boot.log
local7.* /var/log/boot.log
*.* @135.25.246.43:1514
[root@epenum-proxy etc]#
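
Added example (not part of the original post): a Python check that classifies the timestamp format of a received syslog datagram payload, automating what the tcpdump capture above shows by eye. `classify` and `loses_precision` are hypothetical helper names; the first sample is transcribed from the ASCII column of the post's capture, the second is constructed from it.

```python
import re

PRI_RE = re.compile(r"^<(\d{1,3})>")
MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
# Traditional (RFC 3164 style) stamp: no year, no zone, whole seconds only.
RFC3164_RE = re.compile(rf"^(?:{MONTHS}) [ \d]\d \d\d:\d\d:\d\d ")
# RFC 3339 stamp: full date, optional fractional seconds, mandatory zone.
RFC3339_RE = re.compile(
    r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(\.\d+)?(?:Z|[+-]\d\d:\d\d) ")

# Payload of the second datagram, transcribed from the capture in the post.
WIRE_SAMPLE = (b'<46>Jun 10 20:03:58 epenum-proxy rsyslogd: [origin '
               b'software="rsyslogd" swVersion="5.8.10" x-pid="72074" '
               b'x-info="http://www.rsyslog.com"] start')
# Constructed: same message carrying the stamp from the /var/log/messages line.
HIGH_PRECISION_SAMPLE = WIRE_SAMPLE.replace(
    b"Jun 10 20:03:58", b"2016-06-10T20:03:58.219586+00:00")


def classify(payload: bytes) -> dict:
    """Return PRI fields and timestamp format of one syslog datagram payload."""
    text = payload.decode("utf-8", errors="replace")
    pri = PRI_RE.match(text)
    if pri is None or int(pri.group(1)) > 191:  # PRI = facility * 8 + severity
        return {"format": "no-pri", "subsecond_digits": 0, "has_zone": False}
    value, rest = int(pri.group(1)), text[pri.end():]
    info = {"facility": value >> 3, "severity": value & 7}
    m = RFC3339_RE.match(rest)
    if m:
        frac = m.group(1) or "."  # "." alone means no fractional digits
        info.update(format="rfc3339", subsecond_digits=len(frac) - 1,
                    has_zone=True)
    elif RFC3164_RE.match(rest):
        info.update(format="rfc3164", subsecond_digits=0, has_zone=False)
    else:
        info.update(format="unknown", subsecond_digits=0, has_zone=False)
    return info


def loses_precision(payload: bytes) -> bool:
    """True when the stamp has no fractional seconds or no UTC offset."""
    info = classify(payload)
    return info["subsecond_digits"] == 0 or not info["has_zone"]


if __name__ == "__main__":
    for name, sample in (("captured", WIRE_SAMPLE),
                         ("constructed", HIGH_PRECISION_SAMPLE)):
        print(name, classify(sample), "loses_precision =", loses_precision(sample))
```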