Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
edhernandez
Established Member.
244 views

Logger to Logger forwarding: preserve original event time and receipt time

Hi,

I’m trying to forward historical events from a logger to another logger.  I’m using a TCP forwarder in the original logger and TCP receiver CEF in the destination.

The issue is that in the destination, the events has the event time an Receipt time of the moment when they arrived to the logger, and not the original event time an Receipt time.

According to the documentation there is a property that theatrically lets you to preserver the original timestamp of the event:

Preserve Syslog Timestamp: Set to true to preserve the syslog timestamp. The default is true--the timestamp is the original receipt time of the event. If set to false, original timestamp is replaced with Logger’s receipt time.

But according to my probes there’s no difference between using true (default value) or false, so the event on the destinations has always de Event Time and Receipt Time of the destination. May be it has no effect on a TCP forwarder ¿could be?

So the questions are:

What is the property ‘Preserve Syslog Timestamp’ for?

¿Is there any form to preserver the original Event Time and Receipt Time? ¿Maybe using another king of forwarder - receiver?

Thanks.

Labels (1)
Tags (2)
0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.