https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270497
Bug ID: 270497
Summary: periodic(8) scripts ignore syslogd flag '-O' output
format and does not filter/report failed events
Product: Base System
Version: 12.4-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]
I was not happy with the output format of syslogd events since the time
resolution was not enough and not sortable. I did set in my rc.conf:
$ sysrc -n syslogd_flags
-N -ss -O rfc5424
These periodics are then rendered useless:
$ grep -r "date " /etc/periodic
/etc/periodic/daily/460.status-mail-rejects: yesterday=$(date -v-1d '+%b
%e')
/etc/periodic/daily/460.status-mail-rejects: today=$(date '+%b %e')
/etc/periodic/security/900.tcpwrap:yesterday=`date -v-1d "+%b %e "`
/etc/periodic/security/800.loginfail:yesterday=`date -v-1d "+%b %e "`
They rely on the old style formats and miss everything highres timestamps.
So a possible solution is to query "sysrc -n syslogd_flags" and use the
appropriate format:
today=$(date -I)
yesterday=$(date -v-1d -I)
or old style
to filter out events.
Manpage of syslogd says:
-O format
Select the output format of generated log messages. The values
bsd and rfc3164 are used to generate RFC 3164 log messages. The
values syslog and rfc5424 are used to generate RFC 5424 log
messages, having RFC 3339 timestamps with microsecond precision.
The default is to generate RFC 3164 log messages.
So it is '-O bsd|rfc3164' or '-O syslog|rfc5424'. This could be done with grep
or sed.
--
You are receiving this mail because:
You are the assignee for the bug.
