Package: socklog
Version: 2.1.0-8
Severity: wishlist
Hi,
when logging kernel messages over UDP with socklog+svlogd, the end result
looks like this:
@400000004986304d23ededec 172.18.17.254: @400000004986304d23676c54 kern.warn:
Feb 2 00:29:07 kernel: ...
The line contains three timestamps, which is not very useful and only makes
the message harder to read. I know I can do the following:
1. get rid of the first timestamp by not telling svlogd on the logserver to
log one;
2. get rid of the second timestamp by not telling svlogd on the client system
to log one.
The problem with #1 is that some syslog clients send timestamps whereas
others don't, and I need to have timestamps enabled in svlogd on the server
for the sake of the latter.
The problem with #2 is that the client also writes the logs to local storage
and I definitely want the timestamps there.
I can see the following options:
1. Adding a new config command to "send via UDP without timestamp".
2. Making timestamps toggleable on a per-directory basis (I could have a
logdir with only udp targets and no timestamps and other logdirs with
no udp targets and timestamps enabled).
3. Some mangling on the server side to recognise a tai64n timestamp at the
beginning of the incoming line, and insert the client IP field after it
instead of in front of it. This seems somewhat kludgy to me even though
it would probably work very well in practice.
This still doesn't get rid of the third, useless, syslog-style timestamp,
but I guess you wouldn't want to add sed-style editing functions, and I
can't really see any other way. :)
Andras
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.22.18-vs2.2.0.6-arcadia (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=hu_HU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages socklog depends on:
ii adduser 3.110 add and remove users and groups
ii libc6 2.7-13 GNU C Library: Shared libraries
Versions of packages socklog recommends:
ii ipsvd 1.0.0-1 Internet protocol service daemons
ii runit 2.0.0-1 a UNIX init scheme with service su
pn socklog-run <none> (no description available)
socklog suggests no packages.
-- no debconf information
--
Andras Korn <korn at chardonnay.math.bme.hu>
<http://chardonnay.math.bme.hu/~korn/> QOTD:
When smashing monuments, always save the pedestals - they come in handy.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
