
Feature request - use temporal values if found in lognorm fields.

Open CyberTaoFlow opened this issue 7 years ago • 0 comments

Greetings! Per your suggestion in the Google group I have created this feature request. Specifically, in order to facilitate proper processing of timestamps when either ingesting logs that were delayed in transit (timestamp in MESSAGE field is skewed from syslog header timestamp) or just ingesting old logs, it would be nice to be able to use the timestamp from the log MESSAGE if found, or if an option is present in the rule and the temporal field is found in lognorm output.

Additionally, I just reviewed the most recent liblognorm changelog and found they have added some options that could be useful for this:

> added support for creating unix timestamps supported by parsers: date-rfc3164, date-rfc5424.

I know it should be possible to do this in syslog-ng or rsyslog prior to placing the message on the Sagan FIFO, but I think it would still be nice.

Thanks!

CyberTaoFlow, Dec 08 '17 01:12
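The selection logic the request describes, as an added illustration that is not Sagan or liblognorm code: a regex stands in for liblognorm's date-rfc5424 parser, the syslog header is assumed to be RFC 3164 (no year, no zone, so a year and UTC are assumed), and the sample line is constructed. The embedded MESSAGE timestamp is preferred when present, with the header as fallback, and the skew between the two is reported so delayed or replayed logs can be spotted.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the syslog header says Dec 8 01:12:00, but the application
# wrote an RFC 5424 timestamp into the MESSAGE body about 2h41m earlier, as happens
# when a log is delayed in transit. Values are made up for this example.
SAMPLE_DELAYED = "<13>Dec  8 01:12:00 host app[42]: 2017-12-07T22:30:15Z user login ok"
# Constructed sample with no temporal field in the MESSAGE: header must be used.
SAMPLE_PLAIN = "<13>Dec  8 01:12:00 host app[42]: user logout ok"

# Stand-in for liblognorm's date-rfc5424 parser (assumption, not liblognorm).
RFC5424_TS = re.compile(
    r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})"
)
# RFC 3164 header: optional <PRI>, "Mmm dd HH:MM:SS", hostname, then the MESSAGE.
RFC3164_HDR = re.compile(
    r"^(?:<\d+>)?([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$"
)


def parse_rfc3164(ts: str, year: int) -> datetime:
    # The RFC 3164 header carries neither year nor zone; both are assumed here.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S").replace(
        tzinfo=timezone.utc
    )


def parse_rfc5424(ts: str) -> datetime:
    # Normalise a trailing 'Z' so fromisoformat works on Python < 3.11 as well.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def choose_event_time(line: str, header_year: int = 2017):
    """Return (event_time, source, skew): source is 'message' when a temporal
    field was found in the MESSAGE, otherwise 'header'; skew is header - message."""
    m = RFC3164_HDR.match(line)
    if not m:
        raise ValueError("not an RFC 3164 syslog line")
    header_ts, _host, message = m.groups()
    header_time = parse_rfc3164(header_ts, header_year)
    found = RFC5424_TS.search(message)
    if found is None:
        return header_time, "header", timedelta(0)
    msg_time = parse_rfc5424(found.group())
    return msg_time, "message", header_time - msg_time


if __name__ == "__main__":
    for line in (SAMPLE_DELAYED, SAMPLE_PLAIN):
        print(choose_event_time(line))
```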