Why do I have two date stamps in my received message?
Created on 2001-02-16 by Rainer Gerhards.
A typical entry in WinSyslog's log file looks as follows:
2001-02-15,17:09:35,192.168.2.1,23,5,74: *Mar 3 17:51:09.270 Central: >
%SYS-5-CONFIG_I: Configured from console by vty0
As you can see, there are two timestamps in it. The first timestamp
is generated by WinSyslog as the message arrives. The second one is generated by
the syslog sender. Usually, these timestamps are very close. However, some
syslog devices might send messages with a delay. In this case, the
first timestamp gives you an idea of when the message arrived, but the second has
the actual time of the event (well, in the example above it is in fact a bit
ahead of the current time).
Also, please note that the second timestamp is generated by the device
sending the syslog message, NOT by WinSyslog. There is a great variety of
syslog-enabled devices and we do not have any control over how they format their
messages. Some of them might even include NO timestamp at all. In this case, the
WinSyslog-generated stamp is a lifesaver.
As you can see in the example above, the device obviously has the wrong date and
time information. Here, the WinSyslog timestamp provides a clue to when the event
really happened.
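The comparison described above can be automated when reviewing a log file. The following is an added example, not code from WinSyslog or Adiscon: it pulls both timestamps out of an entry, reports the difference, and falls back to the receive time when the device sent none. It assumes the first two comma-separated fields are the receive date and time and the third is the sender, that the device uses the year-less "Mon D HH:MM:SS" style shown above, and that both clocks are meant to be in the same time zone; the function name, the 5-minute tolerance and the second sample line are made up for illustration.

```python
import re
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# Device-side stamp in BSD/Cisco style, e.g. "Mar 3 17:51:09.270" (no year).
DEVICE_TS = re.compile(r"\b([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{2}):(\d{2}):(\d{2})")
MAX_SKEW = timedelta(minutes=5)  # hypothetical tolerance, tune per site

SAMPLE = [
    # The entry from this page, joined onto one line.
    "2001-02-15,17:09:35,192.168.2.1,23,5,74: *Mar 3 17:51:09.270 Central: > "
    "%SYS-5-CONFIG_I: Configured from console by vty0",
    # Constructed entry from a device that sends no timestamp of its own.
    "2001-02-15,17:09:40,192.168.2.7,23,5,link up on port 3",
]


def parse_entry(line):
    """Return (received, device_time or None, skew or None, verdict)."""
    # Assumption: fields 1-2 are the receive date/time, field 3 the sender.
    date, time, sender, rest = line.split(",", 3)
    received = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    m = DEVICE_TS.search(rest)
    if not m or m.group(1) not in MONTHS:
        return received, None, None, "no-device-timestamp"
    mon, day, hh, mm, ss = MONTHS[m.group(1)], *map(int, m.groups()[1:])
    # The device stamp has no year: try the years around the receive time
    # and keep the candidate closest to it (handles New Year rollover).
    candidates = []
    for year in (received.year - 1, received.year, received.year + 1):
        try:
            candidates.append(datetime(year, mon, day, hh, mm, ss))
        except ValueError:  # e.g. Feb 29 in a non-leap year, or hour 25
            pass
    if not candidates:
        return received, None, None, "no-device-timestamp"
    device = min(candidates, key=lambda d: abs(d - received))
    skew = device - received
    verdict = "ok" if abs(skew) <= MAX_SKEW else "clock-skew"
    return received, device, skew, verdict


if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_entry(entry))
```

For the entry from this page the result is a skew of 16 days, 0:41:34 and the verdict "clock-skew", so the receive time is the one to use when building a timeline.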