Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: RSyslog: users

Timestamp wrong...?

  

 
RSyslog users RSS feed   Index | Next | Previous | View Threaded


michael at maymann

Feb 1, 2012, 5:53 AM

Post #1 of 8 (164 views)
Permalink
Timestamp wrong...?
on my syslog client i have the following time:
# date && logger testing123
Wed Feb 1 14:42:02 CET 2012

what get in my syslog server logs:
2012-02-01T14:42:02+02:00 <HOSTNAME> root: testing123
Time on my syslog server:
date
Wed Feb 1 15:42:02 EET 2012

according to http://www.timezoneconverter.com/cgi-bin/tzc.tzc and my
calculations it should have been either:
2012-02-01T14:42:02+01:00 <HOSTNAME> root: testing123 (if keeping client
timestamp)
or
2012-02-01T15:42:02+02:00 <HOSTNAME> root: testing123 (if keeping server
timestamp)
or
2012-02-01T13:42:02+00:00 <HOSTNAME> root: testing123 (if keeping UTC
timestamp)

I would prefer client timestamp... Is this a bug or have I completely
misunderstood something... ?
How do I change to correct client timestamp ?


Thanks in advance :-) !
~maymann
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/


michael at maymann

Feb 1, 2012, 7:24 AM

Post #2 of 8 (159 views)
Permalink
Re: Timestamp wrong...? [In reply to]
Hi,

Perhaps actually UTC would be even better... as we can then directly match
events globally...:-) !
Anyone who know of a configuration that works...?


Thanks in advance :-) !
~maymann


2012/2/1 Michael Maymann <michael [at] maymann>

> on my syslog client i have the following time:
> # date && logger testing123
> Wed Feb 1 14:42:02 CET 2012
>
> what get in my syslog server logs:
> 2012-02-01T14:42:02+02:00 <HOSTNAME> root: testing123
> Time on my syslog server:
> date
> Wed Feb 1 15:42:02 EET 2012
>
> according to http://www.timezoneconverter.com/cgi-bin/tzc.tzc and my
> calculations it should have been either:
> 2012-02-01T14:42:02+01:00 <HOSTNAME> root: testing123 (if keeping client
> timestamp)
> or
> 2012-02-01T15:42:02+02:00 <HOSTNAME> root: testing123 (if keeping server
> timestamp)
> or
> 2012-02-01T13:42:02+00:00 <HOSTNAME> root: testing123 (if keeping UTC
> timestamp)
>
> I would prefer client timestamp... Is this a bug or have I completely
> misunderstood something... ?
> How do I change to correct client timestamp ?
>
>
> Thanks in advance :-) !
> ~maymann
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/


david at lang

Feb 1, 2012, 12:39 PM

Post #3 of 8 (160 views)
Permalink
Re: Timestamp wrong...? [In reply to]
On Wed, 1 Feb 2012, Michael Maymann wrote:

> on my syslog client i have the following time:
> # date && logger testing123
> Wed Feb 1 14:42:02 CET 2012
>
> what get in my syslog server logs:
> 2012-02-01T14:42:02+02:00 <HOSTNAME> root: testing123
> Time on my syslog server:
> date
> Wed Feb 1 15:42:02 EET 2012
>
> according to http://www.timezoneconverter.com/cgi-bin/tzc.tzc and my
> calculations it should have been either:
> 2012-02-01T14:42:02+01:00 <HOSTNAME> root: testing123 (if keeping client
> timestamp)
> or
> 2012-02-01T15:42:02+02:00 <HOSTNAME> root: testing123 (if keeping server
> timestamp)
> or
> 2012-02-01T13:42:02+00:00 <HOSTNAME> root: testing123 (if keeping UTC
> timestamp)
>
> I would prefer client timestamp... Is this a bug or have I completely
> misunderstood something... ?
> How do I change to correct client timestamp ?

timereported is the time that the client put in the log (with whatever
precision and timezone that the client reported it in)

timegenerated is the timestamp that the server received the log (high
precision timestamp in the server's timezone)

$now is the time the log is being written

check and see what the clients are sending (writing a log from a
particular client using the format RSYSLOG_DEBUG is a wonderful
troubleshooting tool)

by default, the syslog format tries to keep the timestamp the client
provides.

I'm a huge proponent of running all production systems in GMT/UTC it
avoids a huge number of issues along the way.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/


michael at maymann

Feb 2, 2012, 2:18 AM

Post #4 of 8 (162 views)
Permalink
Re: Timestamp wrong...? [In reply to]
Hi,

David: thanks for your reply...:-) !
here is my debug output:
# cat /tmp/example.log
6858.610057125:7f9222880700:
6858.610120821:7f9222880700:
6858.610134300:7f9222880700:
********************************************************************************
6858.610152250:7f9222880700: Switching debugging_on to true at 11:00:58
6858.610164681:7f9222880700:
********************************************************************************
6861.570630926:7f922086b700: main Q:Reg/w0: inactivity timeout, worker
terminating...
6861.570684356:7f922086b700: main Q:Reg/w0: receiving command 1
6861.570698744:7f922086b700: main Q:Reg/w0: worker terminating
6861.570713062:7f922086b700: main Q:Reg: Worker thread 7f922439d740,
terminated, num workers now 0
6868.949626982:7f9217fff700: Message from UNIX socket: #4
6868.949710093:7f9217fff700: logmsg: flags 4, from '<HOSTNAME>', msg Feb 2
11:01:08 root: testing123
6868.949723782:7f9217fff700: Message has legacy syslog format.
6868.949742988:7f9217fff700: main Q: entry added, size now 1 entries
6868.949760658:7f9217fff700: wtpAdviseMaxWorkers signals busy
6868.949781261:7f9217fff700: main Q: EnqueueMsg advised worker start
6868.949801655:7f9217fff700: --------imuxsock calling select, active file
descriptors (max 4): 4
6868.949850125:7f922086b700: main Q: entry deleted, state 0, size now 0
entries
6868.949878271:7f9217fff700:
6868.949902785:7f922086b700: testing filter, f_pmask 255
6868.949923039:7f922086b700: Called action, logging to builtin-fwd
6868.949948112:7f922086b700: <IP>
6868.949961661:7f922086b700: <IP>:514/tcp
6868.950006500:7f922086b700: TCP sent 46 bytes, requested 46
6868.950021306:7f922086b700: testing filter, f_pmask 127
6868.950036741:7f922086b700: Called action, logging to builtin-file
6868.950054830:7f922086b700: file to log to: /var/log/messages
6868.950068309:7f922086b700: doWrite, pData->pStrm 0x7f9224384660, lenBuf 59
6868.950084163:7f922086b700: strm 0x7f9224384660: file 7(messages) flush,
buflen 59
6868.950131027:7f922086b700: strm 0x7f9224384660: file 7 write wrote 59
bytes
6868.950148138:7f922086b700: testing filter, f_pmask 0
6868.950160639:7f922086b700: testing filter, f_pmask 0
6868.950173420:7f922086b700: testing filter, f_pmask 0
6868.950185642:7f922086b700: testing filter, f_pmask 1
6868.950198004:7f922086b700: testing filter, f_pmask 0
6868.950210227:7f922086b700: testing filter, f_pmask 0
6868.950223915:7f922086b700: main Q:Reg/w0: worker IDLE, waiting for work.
6928.950336176:7f922086b700: main Q:Reg/w0: inactivity timeout, worker
terminating...
6928.950385417:7f922086b700: main Q:Reg/w0: receiving command 1
6928.950401831:7f922086b700: main Q:Reg/w0: worker terminating
6928.950419293:7f922086b700: main Q:Reg: Worker thread 7f922439d740,
terminated, num workers now 0

Here is the entry on the syslogclient:
2012-02-02T11:01:08.949694+01:00 <HOSTNAME> root: testing123

Here is the same entry on the syslogserver:
2012-02-02T11:01:08+02:00 <HOSTNAME> root: testing123

It seems the server entry gets <client time>+<server UTC-offset>... is this
really right... ?
Can this be changed to one of the following:
1. <UTC time>+00:00
2. <client time>+<client UTC-offset>
3. <server time>+<server UTC-offset>

Here is my clients /etc/rsyslog.conf:
$ModLoad imtcp
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by
rklogd)
$ModLoad immark # provides --MARK-- message capability
*.* @@<IP>:514
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.*


Thanks in advance :-) !
~maymann


2012/2/1 <david [at] lang>

> On Wed, 1 Feb 2012, Michael Maymann wrote:
>
> on my syslog client i have the following time:
>> # date && logger testing123
>> Wed Feb 1 14:42:02 CET 2012
>>
>> what get in my syslog server logs:
>> 2012-02-01T14:42:02+02:00 <HOSTNAME> root: testing123
>> Time on my syslog server:
>> date
>> Wed Feb 1 15:42:02 EET 2012
>>
>> according to http://www.timezoneconverter.**com/cgi-bin/tzc.tzc<http://www.timezoneconverter.com/cgi-bin/tzc.tzc>and my
>> calculations it should have been either:
>> 2012-02-01T14:42:02+01:00 <HOSTNAME> root: testing123 (if keeping client
>> timestamp)
>> or
>> 2012-02-01T15:42:02+02:00 <HOSTNAME> root: testing123 (if keeping server
>> timestamp)
>> or
>> 2012-02-01T13:42:02+00:00 <HOSTNAME> root: testing123 (if keeping UTC
>> timestamp)
>>
>> I would prefer client timestamp... Is this a bug or have I completely
>> misunderstood something... ?
>> How do I change to correct client timestamp ?
>>
>
> timereported is the time that the client put in the log (with whatever
> precision and timezone that the client reported it in)
>
> timegenerated is the timestamp that the server received the log (high
> precision timestamp in the server's timezone)
>
> $now is the time the log is being written
>
> check and see what the clients are sending (writing a log from a
> particular client using the format RSYSLOG_DEBUG is a wonderful
> troubleshooting tool)
>
> by default, the syslog format tries to keep the timestamp the client
> provides.
>
> I'm a huge proponent of running all production systems in GMT/UTC it
> avoids a huge number of issues along the way.
>
> David Lang
> ______________________________**_________________
> rsyslog mailing list
> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/>
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/


rgerhards at hq

Feb 2, 2012, 2:28 AM

Post #5 of 8 (160 views)
Permalink
Re: Timestamp wrong...? [In reply to]
> -----Original Message-----
> From: rsyslog-bounces [at] lists [mailto:rsyslog-
> bounces [at] lists] On Behalf Of Michael Maymann
> Sent: Thursday, February 02, 2012 11:19 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] Timestamp wrong...?
>
> Hi,
>
> David: thanks for your reply...:-) !
> here is my debug output:
> # cat /tmp/example.log
> 6858.610057125:7f9222880700:
[snip]
> 6868.949626982:7f9217fff700: Message from UNIX socket: #4
> 6868.949710093:7f9217fff700: logmsg: flags 4, from '<HOSTNAME>', msg
> Feb 2
> 11:01:08 root: testing123
[snip]

>
> Here is the entry on the syslogclient:
> 2012-02-02T11:01:08.949694+01:00 <HOSTNAME> root: testing123

Nope! see above: This is what you actually get from the client:
Feb 2 11:01:08 root: testing123

I guess you have not enabled high-pecision forwarding on the client. It is
disable by default for compatibility reasons (at least IIRC). There is a
template named along the lines of RSYSLOG_ForwardFormat you need to apply
(Again IIRC)

rainer
>
> Here is the same entry on the syslogserver:
> 2012-02-02T11:01:08+02:00 <HOSTNAME> root: testing123
>
> It seems the server entry gets <client time>+<server UTC-offset>... is
> this
> really right... ?
> Can this be changed to one of the following:
> 1. <UTC time>+00:00
> 2. <client time>+<client UTC-offset>
> 3. <server time>+<server UTC-offset>
>
> Here is my clients /etc/rsyslog.conf:
> $ModLoad imtcp
> $ModLoad imuxsock # provides support for local system logging
> $ModLoad imklog # provides kernel logging support (previously done by
> rklogd)
> $ModLoad immark # provides --MARK-- message capability
> *.* @@<IP>:514
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> #kern.* /dev/console
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;mail.none;authpriv.none;cron.none
> /var/log/messages
> # The authpriv file has restricted access.
> authpriv.* /var/log/secure
> # Log all the mail messages in one place.
> mail.* -
> /var/log/maillog
> # Log cron stuff
> cron.* /var/log/cron
> # Everybody gets emergency messages
> *.emerg *
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit
> /var/log/spooler
> # Save boot messages also to boot.log
> local7.*
>
>
> Thanks in advance :-) !
> ~maymann
>
>
> 2012/2/1 <david [at] lang>
>
> > On Wed, 1 Feb 2012, Michael Maymann wrote:
> >
> > on my syslog client i have the following time:
> >> # date && logger testing123
> >> Wed Feb 1 14:42:02 CET 2012
> >>
> >> what get in my syslog server logs:
> >> 2012-02-01T14:42:02+02:00 <HOSTNAME> root: testing123
> >> Time on my syslog server:
> >> date
> >> Wed Feb 1 15:42:02 EET 2012
> >>
> >> according to http://www.timezoneconverter.**com/cgi-
> bin/tzc.tzc<http://www.timezoneconverter.com/cgi-bin/tzc.tzc>and my
> >> calculations it should have been either:
> >> 2012-02-01T14:42:02+01:00 <HOSTNAME> root: testing123 (if keeping
> client
> >> timestamp)
> >> or
> >> 2012-02-01T15:42:02+02:00 <HOSTNAME> root: testing123 (if keeping
> server
> >> timestamp)
> >> or
> >> 2012-02-01T13:42:02+00:00 <HOSTNAME> root: testing123 (if keeping
> UTC
> >> timestamp)
> >>
> >> I would prefer client timestamp... Is this a bug or have I
> completely
> >> misunderstood something... ?
> >> How do I change to correct client timestamp ?
> >>
> >
> > timereported is the time that the client put in the log (with
> whatever
> > precision and timezone that the client reported it in)
> >
> > timegenerated is the timestamp that the server received the log (high
> > precision timestamp in the server's timezone)
> >
> > $now is the time the log is being written
> >
> > check and see what the clients are sending (writing a log from a
> > particular client using the format RSYSLOG_DEBUG is a wonderful
> > troubleshooting tool)
> >
> > by default, the syslog format tries to keep the timestamp the client
> > provides.
> >
> > I'm a huge proponent of running all production systems in GMT/UTC it
> > avoids a huge number of issues along the way.
> >
> > David Lang
> > ______________________________**_________________
> > rsyslog mailing list
> >
> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adisco
> n.net/mailman/listinfo/rsyslog>
> > http://www.rsyslog.com/**professional-
> services/<http://www.rsyslog.com/professional-services/>
> >
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/


michael at maymann

Feb 2, 2012, 3:21 AM

Post #6 of 8 (160 views)
Permalink
Re: Timestamp wrong...? [In reply to]
Hi,

Rainer: thanks again...:-) !
$ActionForwardDefaultTemplate RSYSLOG_ForwardFormat
added just after $ModLoad's on the client did the trick...

Client:
# date && logger testing123
Thu Feb 2 12:16:44 CET 2012
Server:
2012-02-02T12:16:44.307098+01:00 <HOSTNAME> root: testing123

Case closed...

2012/2/2 Rainer Gerhards <rgerhards [at] hq>

> > -----Original Message-----
> > From: rsyslog-bounces [at] lists [mailto:rsyslog-
> > bounces [at] lists] On Behalf Of Michael Maymann
> > Sent: Thursday, February 02, 2012 11:19 AM
> > To: rsyslog-users
> > Subject: Re: [rsyslog] Timestamp wrong...?
> >
> > Hi,
> >
> > David: thanks for your reply...:-) !
> > here is my debug output:
> > # cat /tmp/example.log
> > 6858.610057125:7f9222880700:
> [snip]
> > 6868.949626982:7f9217fff700: Message from UNIX socket: #4
> > 6868.949710093:7f9217fff700: logmsg: flags 4, from '<HOSTNAME>', msg
> > Feb 2
> > 11:01:08 root: testing123
> [snip]
>
> >
> > Here is the entry on the syslogclient:
> > 2012-02-02T11:01:08.949694+01:00 <HOSTNAME> root: testing123
>
> Nope! see above: This is what you actually get from the client:
> Feb 2 11:01:08 root: testing123
>
> I guess you have not enabled high-pecision forwarding on the client. It is
> disable by default for compatibility reasons (at least IIRC). There is a
> template named along the lines of RSYSLOG_ForwardFormat you need to apply
> (Again IIRC)
>
> rainer
> >
> > Here is the same entry on the syslogserver:
> > 2012-02-02T11:01:08+02:00 <HOSTNAME> root: testing123
> >
> > It seems the server entry gets <client time>+<server UTC-offset>... is
> > this
> > really right... ?
> > Can this be changed to one of the following:
> > 1. <UTC time>+00:00
> > 2. <client time>+<client UTC-offset>
> > 3. <server time>+<server UTC-offset>
> >
> > Here is my clients /etc/rsyslog.conf:
> > $ModLoad imtcp
> > $ModLoad imuxsock # provides support for local system logging
> > $ModLoad imklog # provides kernel logging support (previously done by
> > rklogd)
> > $ModLoad immark # provides --MARK-- message capability
> > *.* @@<IP>:514
> > # Log all kernel messages to the console.
> > # Logging much else clutters up the screen.
> > #kern.* /dev/console
> > # Log anything (except mail) of level info or higher.
> > # Don't log private authentication messages!
> > *.info;mail.none;authpriv.none;cron.none
> > /var/log/messages
> > # The authpriv file has restricted access.
> > authpriv.* /var/log/secure
> > # Log all the mail messages in one place.
> > mail.* -
> > /var/log/maillog
> > # Log cron stuff
> > cron.* /var/log/cron
> > # Everybody gets emergency messages
> > *.emerg *
> > # Save news errors of level crit and higher in a special file.
> > uucp,news.crit
> > /var/log/spooler
> > # Save boot messages also to boot.log
> > local7.*
> >
> >
> > Thanks in advance :-) !
> > ~maymann
> >
> >
> > 2012/2/1 <david [at] lang>
> >
> > > On Wed, 1 Feb 2012, Michael Maymann wrote:
> > >
> > > on my syslog client i have the following time:
> > >> # date && logger testing123
> > >> Wed Feb 1 14:42:02 CET 2012
> > >>
> > >> what get in my syslog server logs:
> > >> 2012-02-01T14:42:02+02:00 <HOSTNAME> root: testing123
> > >> Time on my syslog server:
> > >> date
> > >> Wed Feb 1 15:42:02 EET 2012
> > >>
> > >> according to http://www.timezoneconverter.**com/cgi-
> > bin/tzc.tzc<http://www.timezoneconverter.com/cgi-bin/tzc.tzc>and my
> > >> calculations it should have been either:
> > >> 2012-02-01T14:42:02+01:00 <HOSTNAME> root: testing123 (if keeping
> > client
> > >> timestamp)
> > >> or
> > >> 2012-02-01T15:42:02+02:00 <HOSTNAME> root: testing123 (if keeping
> > server
> > >> timestamp)
> > >> or
> > >> 2012-02-01T13:42:02+00:00 <HOSTNAME> root: testing123 (if keeping
> > UTC
> > >> timestamp)
> > >>
> > >> I would prefer client timestamp... Is this a bug or have I
> > completely
> > >> misunderstood something... ?
> > >> How do I change to correct client timestamp ?
> > >>
> > >
> > > timereported is the time that the client put in the log (with
> > whatever
> > > precision and timezone that the client reported it in)
> > >
> > > timegenerated is the timestamp that the server received the log (high
> > > precision timestamp in the server's timezone)
> > >
> > > $now is the time the log is being written
> > >
> > > check and see what the clients are sending (writing a log from a
> > > particular client using the format RSYSLOG_DEBUG is a wonderful
> > > troubleshooting tool)
> > >
> > > by default, the syslog format tries to keep the timestamp the client
> > > provides.
> > >
> > > I'm a huge proponent of running all production systems in GMT/UTC it
> > > avoids a huge number of issues along the way.
> > >
> > > David Lang
> > > ______________________________**_________________
> > > rsyslog mailing list
> > >
> > http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adisco
> > n.net/mailman/listinfo/rsyslog>
> > > http://www.rsyslog.com/**professional-
> > services/<http://www.rsyslog.com/professional-services/>
> > >
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/


david at lang

Feb 2, 2012, 10:17 AM

Post #7 of 8 (163 views)
Permalink
Re: Timestamp wrong...? [In reply to]
On Thu, 2 Feb 2012, Michael Maymann wrote:

> Hi,
>
> David: thanks for your reply...:-) !
> here is my debug output:

Rainer already answered your question, but this isn't quite what I was
asking for.

what I was asking for was for you to add a line something like the
following

*.info;mail.none;authpriv.none;cron.none /var/log/messages-debug;RSYSLOG_DEBUG

this would create a file with the same logs as you put in
/var/log/messages, but with a different format that gives you a dump of
what all the properties are set for.

give it a quick try and I think you'll see that it will give you a lot of
the information you are needing to troubleshoot the types of problems that
you are having.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/


michael at maymann

Feb 2, 2012, 10:42 AM

Post #8 of 8 (160 views)
Permalink
Re: Timestamp wrong...? [In reply to]
Hi,

David: thanks for your reply... already replied to own post:
http://lists.adiscon.net/pipermail/rsyslog/2012-February/014332.html

Case closed...

Br.
~maymann

2012/2/2 <david [at] lang>

> On Thu, 2 Feb 2012, Michael Maymann wrote:
>
> Hi,
>>
>> David: thanks for your reply...:-) !
>> here is my debug output:
>>
>
> Rainer already answered your question, but this isn't quite what I was
> asking for.
>
> what I was asking for was for you to add a line something like the
> following
>
> *.info;mail.none;authpriv.**none;cron.none /var/log/messages-debug;**
> RSYSLOG_DEBUG
>
> this would create a file with the same logs as you put in
> /var/log/messages, but with a different format that gives you a dump of
> what all the properties are set for.
>
> give it a quick try and I think you'll see that it will give you a lot of
> the information you are needing to troubleshoot the types of problems that
> you are having.
>
>
> David Lang
> ______________________________**_________________
> rsyslog mailing list
> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/>
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/

RSyslog users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.