On Thu, 2002-12-05 at 13:35, Tom Perrine wrote:
> >>>>> On Thu, 5 Dec 2002 13:51:03 -0500 (EST), "Ed Ravin" <eravinat_private> said:
>
> ER> Florin Andrei writes:
> >> The true solution is to modify syslogd. [...]
> >> Changing the code to use local timestamps instead of the ones provided
> >> by the datagrams should be no big deal. Some external configuration flag
> >> could change the behaviour between the default (use the datagrams'
> >> timestamps, or use local time).
>
> ER> syslog-ng already supports this, with its "use_time_recvd()" option.
> ER> You can also do your remote logging via TCP to reduce the chance
> ER> that you are receiving spoofed data.
>
> I think I'd really like to have both timestamps in the final
> destination log file. The one the client put on, AND the one put on
> by the final "write-to-file" daemon.
>
> Does this make sense, or am I just being overly {pedantic, paranoid,
> feature-crazy}?

I was contemplating the very same possibility. I think it makes sense.

--
Florin Andrei

"If you play the WinXP CD backwards, you get a satanic message."
"That's nothing, if you play it forward, it installs WinXP."

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
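
Added example, not part of the original message and not syslogd or syslog-ng code: a receiver-side sketch of the "both timestamps" idea discussed above, writing the local receive time next to the sender's claimed time and reporting the skew between them. The function names, the output layout and the sample datagram are assumptions made for illustration; the sender is assumed to use the receiver's year and time zone, since the BSD syslog timestamp carries neither.

```python
import re
from datetime import datetime, timedelta

# BSD syslog (RFC 3164) datagram: "<PRI>Mmm dd hh:mm:ss host tag: msg"
RFC3164 = re.compile(
    r"^<\d{1,3}>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<rest>.*)$",
    re.DOTALL,
)

def sender_time(ts, received):
    """Parse the sender's claimed time; return None if it is not a valid date.
    Assumes the receiver's year and zone, and corrects a New Year rollover."""
    try:
        sent = datetime.strptime(f"{received.year} {ts}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    # A sender stamp far in the future means it was written last year.
    if sent - received > timedelta(days=180):
        sent = sent.replace(year=sent.year - 1)
    return sent

def stamp_both(datagram, received):
    """Return (line, skew_seconds). The line carries the trusted receive time
    first and the untrusted sender time second, so neither is lost."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    recv = received.strftime("%Y-%m-%dT%H:%M:%S")
    m = RFC3164.match(text)
    sent = sender_time(m["ts"], received) if m else None
    if sent is None:
        # No usable sender timestamp: keep the raw payload and mark the gap.
        return f"recv={recv} sent=- {text}", None
    skew = (received - sent).total_seconds()
    return f"recv={recv} sent={sent:%Y-%m-%dT%H:%M:%S} {m['rest']}", skew

if __name__ == "__main__":
    # Constructed sample datagram and receive time, not taken from the thread.
    sample = b"<38>Dec  5 13:35:02 client1 sshd[411]: session opened for user ops"
    print(stamp_both(sample, datetime(2002, 12, 5, 13, 35, 9)))
```

A large or negative skew on a stored line points to a wrong client clock or a sender-supplied timestamp that should not be trusted, which is the reason for keeping the receive time alongside it.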