The syslog-ng 3.0 Administrator GuideDocument version: Thirteenth
|
 |
The syslog-ng 3.0 Administrator GuideDocument version: Thirteenth
|
|
The syslog-ng application supports messages originating from different timezones. The original syslog protocol does not include timezone information, but syslog-ng provides a solution by extending the syslog protocol to include the timezone in the log messages. The syslog-ng application also enables administrators to supply timezone information for legacy devices which do not support the protocol extension.
Timezone information is associated with messages entering syslog-ng is selected using the following algorithm:
The sender application (e.g., the syslog-ng client) or host specifies the timezone of the messages. If the incoming message includes a timezone it is associated with the message. Otherwise, the local timezone is assumed.
Specify the
time_zone()
parameter for the source driver that reads the message. This timezone will be associated with the messages only if no timezone is specified within the message itself. Each source defaults to the
value of the
recv_time_zone()
global option.
Specify the timezone in the destination driver using the
time_zone()
parameter. Each destination driver might have an associated timezone
value; syslog-ng converts message timestamps to this timezone before sending the
message to its destination (file or network socket). Each destination defaults
to the value of the
send_time_zone()
global option.
![[Note]](./note.png) |
Note |
|---|---|
A message can be sent to multiple destination zones. The syslog-ng application converts the timezone information properly for every individual destination zone. |
If the timezone is not specified, the message is left unchanged.
When macro expansions are used in the destination filenames, the local timezone is used.
© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com