First, I am sorry if this has been asked before, but I have been searching through the LS forum and cannot find the answer.
We are testing out Nagios LS and I am setting up a really basic proof-of-concept system.
(Please keep in mind that I came from a Splunk shop, so don't shoot me if I say "other products do this...")
LS build and install was a breeze...5 minutes.
I went to set up a remote box to send some custom logs to the LS...and the only method (out of the box) seems to be to use rsyslog. The problem is that rsyslog provides its own timestamps, even though there are timestamps (the right ones) in the log file already. Needless to say, when I fired it up, all of the log entries were added to LS with the same timestamp, even though they were from all during the day.
Is there a way to tell rsyslog to use the timestamps from the log file, or to tell LS to ignore the timestamp provided from rsyslog...or use lumberjack?
I also have questions about multiline log entries...but I think I'll tackle that in another thread.
Thanks!
-Emmett