The syslog-ng Administrator GuideDocument version: 1.0.20
|
 |
The syslog-ng Administrator GuideDocument version: 1.0.20
|
|
The syslog-ng application supports messages originating from different timezones. The original syslog protocol does not include timezone information, but syslog-ng provides a solution by extending the syslog protocol to include the timezone in the log messages. The syslog-ng application also enables administrators to supply timezone information for legacy devices which do not support the protocol extension.
Timezone information is associated with messages entering syslog-ng is selected using the following algorithm:
The sender application or host specifies (e.g., the syslog-ng client) the timezone of the messages. If the incoming message includes a timezone it is associated with the message. Otherwise, the local timezone is assumed.
Specify the
time_zone()
parameter for the source driver that reads the message. This parameter
overrides the original timezone of the message. Each source defaults to the
value of the
recv_time_zone()
global option.
Specify the timezone in the destination driver using the
time_zone()
parameter. Each destination driver might have an associated timezone
value; syslog-ng converts message timestamps to this timezone before sending the
message to its destination (file or network socket). Each destination defaults
to the value of the
send_time_zone()
global option.
![[Note]](./note.png) |
Note |
|---|---|
A message can be sent to multiple destination zones. The syslog-ng application converts the timezone information properly for every individual destination zone. |
If the timezone is not specified, the message is left unchanged.
When macro expansions are used in the destination filenames, the local timezone is used.
© 2007 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com