I've been through the forums and this has been asked many times, but I'm not getting anywhere with it. I'm admitting defeat and asking for help

We have a log from a host. The host is in this format:

01/11/11 00:18:05 [ 1] - I) Connected
01/11/11 00:18:05 [ 1] - I) Sending NUA
01/11/11 00:18:05 [ 1] - I) Sarian B: CALL NBMS_HOST01
01/11/11 00:18:06 [ 1] - I) Send data
01/11/11 00:18:06 [ 1] - I) Packet = 1. Dial_count1 = 1

The date above is 1st November, not 11th January. The file is saved at:

c:\trace.log

There is a months worth of data in each file, starting with the 1st of the month. I haven't managed to tell Splunk that the date is in d/m/Y format instead of m/d/Y format. The props.conf file on both the windows and linux boxes contain:

[source::"c:\\trace.log"]
TIME_FORMAT = %d/%m/%Y

[source="c:\trace.log"]
TIME_FORMAT = %d/%m/%Y

[source="c:\\trace.log"]
TIME_FORMAT = %d/%m/%Y

datetime.xml on both the server and windows forwarder has:

<define name="_masheddate3" extract="day, month, year">
    <text><![CDATA[(?:^|source::).*?(?<!\d|\d\.)([012]\d|3[01])(0\d|1[012])(?:20)?([901]\d)(?!\d| {2,})]]></text>
</define>

added and in datePatterns _masheddate3 is added.

(props.conf contains 3 items as I'm trying to get any combination to pickup) I think that is all I need to do, except the results on the web page show:

11/01/2011 00:44:09.000 01/11/11 00:44:09 [ 1] - I) Sarian B: CALL NBMS_HOST01
host=RSCA6976A   Options|  sourcetype=trace-too_small   Options|  source=C:\trace.log   Options

You can see its still picking up US instead of UK date format. First datetime is Splunk Generated - second datetime is data from the log

I'm clearly doing something wrong and would appreciate any ideas as I don't think I'm doing anything too complicated.

Thank you