Syslog config:
Code: Select all
/system logging action print
Flags: * - default
[...]
7 name="netwatch" target=remote remote=192.168.100.11 remote-port=5000 src-address=0.0.0.0 bsd-syslog=yes
syslog-time-format=iso8601 syslog-facility=local3 syslog-severity=auto
/system logging print detail
[...]
7 topics=script,info prefix="" action=netwatch
Message generation and router clock:
Code: Select all
[admin@foobar] > :log info ("test01"); system clock print
time: 09:45:25
date: apr/04/2017
time-zone-autodetect: no
time-zone-name: EST5EDT
gmt-offset: -04:00
dst-active: yes
As you can see from the tcpdump, the timestamp sent is# tcpdump port 5000 -An
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s20f0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:45:25.593920 IP 192.168.103.10.53251 > 192.168.100.11.commplex-main: UDP, length 48
E..L..@.@..:..g
..d......8..<158>2017-04-04T13:45:25.0000-0400 foobar test01
2017-04-04T13:45:25.0000-0400
But it should be - as verified by router clock:
2017-04-04T09:45:25.0000-0400
Looks like the Syslog message always dumps UTC time but appends the correct TZ offset.