yep, logs sent to /dev/log should be <pri>syslogtag message
timestamp and hostname get added to the message, if you try to put them in the
message they are treated as message content.
If you want to play around with faking message data, send logs to yourself via
UDP
David Lang
On Sat, 4 Oct 2014, Radu Gheorghe wrote:
Hi Earl,
If you send your messages via /dev/log, the problem might be caused by
imuxsock
<http://www.rsyslog.com/doc/master/configuration/modules/imuxsock.html>,
which ignores the provided timestamp by default. At least this is what I
understand from the doc:
*SysSock.IgnoreTimestamp* [*on*/off] Ignore timestamps included in the
messages, applies to messages received via the system log socket.
Best regards,
Radu
--
Performance Monitoring * Log Analytics * Search Analytics
Solr & Elasticsearch Support * http://sematext.com/
On Sat, Oct 4, 2014 at 7:13 PM, Earl Chew <[email protected]> wrote:
I'm trying to figure out how to use timegenerated and timereported,
but the actions of the rsyslogd 7.4.4 on Ubuntu 14.04 seem confused.
I put this into my configuration file:
$template Test,"%timereported% %timegenerated% %HOSTNAME% Test
%rawmsg%\n"
$ActionFileDefaultTemplate Test
I generate some syslog entries at time 00:00:00.
And then I see the following in the log file:
Oct 3 12:49:18 Oct 3 12:49:18 salvador Test <156>Oct 3 00:00:00
lt-test-logging: pid 2645:warn 1
Should %timereported% show 00:00:00 ?
For the built-in templates, I looked in tools/sm*.c and see things like:
pTimeStamp = (uchar*) getTimeReported(pMsg, tplFmtRFC3339Date);
So should I expect to see 00:00:00 in my log files using the built-in
templates ?
Earl
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
