0

I'm working on a C project, with client/server syslog communication with a Rpi. I have been asked to use syslog ng and I'd like to access to timestamp.

From what I found here:

Where the timestamp comes from depends on the type of log data you’re sending through.

Plus :

If your data is forwarded by a syslog service, there is a timestamp embedded in the header that we can pull out and use.

So it's possible to pull out the timestamp. But how ?

Arhyaa
  • 369
  • 1
  • 3
  • 21

1 Answers1

0

If you use syslog-ng, it handles two different time stamps:

  • the one, when the message was actually received
  • the one included in the syslog message

These are accessible through macros. You can read more about it at https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.7-guides/en/syslog-ng-ose-v3.7-guide-admin/html-single/index.html#reference-macros

Peter Czanik
  • 81
  • 5
  • It seems to match to what I'm looking for ! Do you have an utilisation example ? – Arhyaa Dec 04 '15 at 07:45
  • See for example: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.7-guides/en/syslog-ng-ose-v3.7-guide-admin/html-single/index.html#configuring-macros – Peter Czanik Dec 05 '15 at 08:37