Bug#609940: Support RSYSLOG_FileFormat (RFC 3339 timestamps)

Thu, 13 Jan 2011 18:39:18 -0800 

Package: syslog-summary
Version: 1.14-2
Severity: wishlist

In rsyslog.conf, there is

    # Use traditional timestamp format.
    # To enable high precision timestamps, comment out the following line.
    #
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

When it's commented out, I get lines like these:

    2011-01-14T13:02:48.036142+11:00 venus dhclient: DHCPREQUEST of 
192.168.155.148 on managed to 192.168.155.20 port 67
    2011-01-14T13:02:48.052813+11:00 venus dhclient: DHCPACK of 192.168.155.148 
from 192.168.155.20
    2011-01-14T13:02:48.134247+11:00 venus dhclient: bound to 192.168.155.148 
-- renewal in 1525 seconds.
    2011-01-14T13:03:47.100359+11:00 rifle dhclient: DHCPREQUEST of 
192.168.155.160 on managed to 192.168.155.20 port 67
    2011-01-14T13:03:47.127127+11:00 rifle dhclient: DHCPACK of 192.168.155.160 
from 192.168.155.20
    2011-01-14T13:03:47.177701+11:00 rifle dhclient: bound to 192.168.155.160 
-- renewal in 1435 seconds.
    2011-01-14T13:05:01.100265+11:00 alamo dhclient: DHCPREQUEST of 
192.168.155.162 on managed to 192.168.155.20 port 67
    2011-01-14T13:05:01.188194+11:00 alamo dhclient: DHCPACK of 192.168.155.162 
from 192.168.155.20
    2011-01-14T13:05:01.226055+11:00 alamo dhclient: bound to 192.168.155.162 
-- renewal in 1203 seconds.

That's OK for logcheck -- its regexps are stored in conffiles, so I
can just change the prefix for each line to match the new RFC 3339
format.

For syslog-summary, the regexps are embedded within the script (in
/usr/bin), so I can't do so.  It would be nice if I could.

PS: note that the nanosecond field is absent for lines received by
rsyslog from a traditional syslogd, or from an rsyslogd without

    $ActionForwardDefaultTemplate RSYSLOG_ForwardFormat

In other words, the solution to this ticket must also recognize lines like

    2011-01-14T13:34:40+11:00 groan rsyslogd: [origin software="rsyslogd" 
swVersion="4.2.0" x-pid="22184" x-info="http://www.rsyslog.com";] (re)start

-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to