Re: newsyslog timestamp
On Mon, Mar 13, 2017 at 11:14:36PM +0100, Alexander Bluhm wrote:
> I think the combination of local time and time zone without fractions
> of seconds is the best choice for newsyslog. Or should we use
> 2017-03-13T21:30:04.822Z in newsyslogd?
Regarding all the Feedback I summarize:
- we need newsyslog not only for rotating syslogd log files
- there are logfiles without content for a while, so always having
timestamp at the beginning is useful
- I do not plan to move the rotating functionality into syslogd now
- I stick to RFC 5424 and will not implement another short ISO format
But I came to the conclusion to have a new different format is bad,
so I propose this diff now.
With syslogd -Z you get:
2017-03-15T23:14:09.969Z t430s newsyslog[35784]: logfile turned over
2017-03-15T23:14:50.734Z t430s bluhm: foo
And with this default traditional sylogd format
2017-03-15T23:15:16.743Z t430s newsyslog[32804]: logfile turned over
Mar 16 00:16:20 t430s bluhm: bar
ok?
bluhm
Index: usr.bin/newsyslog/newsyslog.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.bin/newsyslog/newsyslog.c,v
retrieving revision 1.101
diff -u -p -r1.101 newsyslog.c
--- usr.bin/newsyslog/newsyslog.c 1 Jun 2016 16:57:48 - 1.101
+++ usr.bin/newsyslog/newsyslog.c 15 Mar 2017 23:13:28 -
@@ -142,7 +142,7 @@ int force = 0; /* Force the logs to be
char *conf = CONF; /* Configuration file to use */
time_t timenow;
char hostname[HOST_NAME_MAX+1]; /* Hostname */
-char *daytime; /* timenow in human readable form */
+char daytime[33];/* timenow in human readable form */
char *arcdir;/* Dir to put archives in (if it exists) */
FILE *openmail(void);
@@ -402,12 +402,18 @@ send_signal(char *pidfile, int signal)
void
parse_args(int argc, char **argv)
{
+ struct timeval now;
+ struct tm *tm;
+ size_t l;
char *p;
int ch;
- timenow = time(NULL);
- daytime = ctime(&timenow) + 4;
- daytime[15] = '\0';
+ gettimeofday(&now, NULL);
+ timenow = now.tv_sec;
+ tm = gmtime(&now.tv_sec);
+ l = strftime(daytime, sizeof(daytime), "%FT%T", tm);
+ snprintf(daytime + l, sizeof(daytime) - l, ".%03ldZ",
+ now.tv_usec / 1000);
/* Let's get our hostname */
(void)gethostname(hostname, sizeof(hostname));
Re: newsyslog timestamp
Hiya, On Wed, 15 Mar 2017 02:19:10 +1100 bytevolcano wrote: > Is it worth making newsyslog use the syslog API instead of directly > writing to the top of the file? From syslogd(8): CAVEATS syslogd does not create files, it only logs to existing ones. Cheers, -- Craig Skinner | http://linkd.in/yGqkv7
Re: newsyslog timestamp
On 2017/03/15 02:19, bytevolc...@safe-mail.net wrote: > Is it worth making newsyslog use the syslog API instead of directly > writing to the top of the file? newsyslog(8) isn't just used for rotating files written by syslogd..
Re: newsyslog timestamp
Is it worth making newsyslog use the syslog API instead of directly writing to the top of the file? Perhaps even integrating this functionality into syslogd so it can use the existing infrastructure, and LOG_SYSLOG facility, fork+privsep style: [syslogd]->|->[syslogd:logger] |->[syslogd:rotate] On Mon, 13 Mar 2017 16:31:35 -0600 "Todd C. Miller" wrote: > How about we just eliminate the "logfile turned over" message > entirely? It's kind of bogus for newsyslog to be writing to the > log files directly. I don't think that message provides any useful > info. > > - todd >
Re: newsyslog timestamp
On 3/13/2017 7:02 PM, Mark Kettenis wrote: >> From: "Todd C. Miller" >> Date: Mon, 13 Mar 2017 16:31:35 -0600 >> >> How about we just eliminate the "logfile turned over" message >> entirely? It's kind of bogus for newsyslog to be writing to the >> log files directly. I don't think that message provides any useful >> info. > > I do find the message useful as it reminds me that there is another > file to look into. > > Along those lines, I wrote a script to rotate my logs because I wanted the rotated log to have the date in the name, instead of just a version number. While doing that, the line I add to the new log file is: Log file /var/log/messages rotated to log.messages_20170313T000102.log as that provides a trail of the logfile from one to the next as they are rotated. I suspect others may not want or need this type of trail...
Re: newsyslog timestamp
Tue, 14 Mar 2017 00:16:01 +0100 Alexander Bluhm > On Mon, Mar 13, 2017 at 04:31:35PM -0600, Todd C. Miller wrote: > > How about we just eliminate the "logfile turned over" message > > entirely? It's kind of bogus for newsyslog to be writing to the > > log files directly. I don't think that message provides any useful > > info. > > Perhaps /var/log/messages was a bad example. syslogd does not write > the restart message into /var/log/daemon, newsyslog also rotates > files that do not belong to syslogd. Here is daemon log: > > 2017-03-14T00:11:46+01:00 t430s newsyslog[31315]: logfile turned over > 2017-03-13T23:12:16.690Z t430s isakmpd[95880]: sendmsg ... > 2017-03-13T23:12:43.720Z t430s last message repeated 3 times > > It is useful that log files are never empty and that you can see > when they were rotated. > Hi Alexander, Mark, Todd, tech@, Please see the quote: https://en.wikipedia.org/wiki/ISO_8601#cite_note-21 "ISO 8601:2004(E)". ISO. 2004-12-01. “4.3.2 NOTE: By mutual agreement of the partners in information interchange, the character [T] may be omitted in applications where there's no risk of confusing a date and time of day representation with others defined in this International Standard.” I also suggest we do not use the [Z] as a mutual agreement ALL times UTC, indicated by omission of the offset to be human friendly and yet correct. Please, see some additional information in the following resources pages. https://tools.ietf.org/html/rfc3339#section-5.2 https://www.cl.cam.ac.uk/~mgk25/iso-time.html https://www.cs.tut.fi/~jkorpela/iso8601.html#sol Kind regards, Anton Lazarov
Re: newsyslog timestamp
On Mon, Mar 13, 2017 at 04:31:35PM -0600, Todd C. Miller wrote: > How about we just eliminate the "logfile turned over" message > entirely? It's kind of bogus for newsyslog to be writing to the > log files directly. I don't think that message provides any useful > info. Perhaps /var/log/messages was a bad example. syslogd does not write the restart message into /var/log/daemon, newsyslog also rotates files that do not belong to syslogd. Here is daemon log: 2017-03-14T00:11:46+01:00 t430s newsyslog[31315]: logfile turned over 2017-03-13T23:12:16.690Z t430s isakmpd[95880]: sendmsg ... 2017-03-13T23:12:43.720Z t430s last message repeated 3 times It is useful that log files are never empty and that you can see when they were rotated. bluhm
Re: newsyslog timestamp
> From: "Todd C. Miller" > Date: Mon, 13 Mar 2017 16:31:35 -0600 > > How about we just eliminate the "logfile turned over" message > entirely? It's kind of bogus for newsyslog to be writing to the > log files directly. I don't think that message provides any useful > info. I do find the message useful as it reminds me that there is another file to look into.
Re: newsyslog timestamp
How about we just eliminate the "logfile turned over" message entirely? It's kind of bogus for newsyslog to be writing to the log files directly. I don't think that message provides any useful info. - todd
newsyslog timestamp
Hi,
syslogd(8) -Z generates log files in ISO format and UTC. newsyslog(8)
still uses BSD syslog timstamps. This looks a bit ugly when you
combine them this way.
Mar 12 01:00:01 t430s newsyslog[32158]: logfile turned over
2017-03-12T00:00:01.547Z t430s syslogd: restart
I think it is overkill to add a -Z option to newsyslog. In fact
it would better if the creation year and the time zone delta is
always visible at the beginning of the file. So you can still look
at the short timestamps from syslogd and figure out when it all
started.
2017-03-13T22:02:33+01:00 t430s newsyslog[42096]: logfile turned over
Mar 13 22:02:33 t430s syslogd: restart
Although this would be a bit inconsistent when used with syslogd -Z.
2017-03-13T22:30:04+01:00 t430s newsyslog[30641]: logfile turned over
2017-03-13T21:30:04.822Z t430s syslogd: restart
I think the combination of local time and time zone without fractions
of seconds is the best choice for newsyslog. Or should we use
2017-03-13T21:30:04.822Z in newsyslogd?
comments/ok?
bluhm
Index: usr.bin/newsyslog/newsyslog.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.bin/newsyslog/newsyslog.c,v
retrieving revision 1.101
diff -u -p -r1.101 newsyslog.c
--- usr.bin/newsyslog/newsyslog.c 1 Jun 2016 16:57:48 - 1.101
+++ usr.bin/newsyslog/newsyslog.c 13 Mar 2017 21:57:48 -
@@ -142,7 +142,7 @@ int force = 0; /* Force the logs to be
char *conf = CONF; /* Configuration file to use */
time_t timenow;
char hostname[HOST_NAME_MAX+1]; /* Hostname */
-char *daytime; /* timenow in human readable form */
+char daytime[33];/* timenow in human readable form */
char *arcdir;/* Dir to put archives in (if it exists) */
FILE *openmail(void);
@@ -402,12 +402,23 @@ send_signal(char *pidfile, int signal)
void
parse_args(int argc, char **argv)
{
+ struct timeval now;
+ struct tm *tm;
+ size_t l;
char *p;
int ch;
- timenow = time(NULL);
- daytime = ctime(&timenow) + 4;
- daytime[15] = '\0';
+ gettimeofday(&now, NULL);
+ timenow = now.tv_sec;
+ tm = localtime(&now.tv_sec);
+ l = strftime(daytime, sizeof(daytime), "%FT%T%z", tm);
+ if (l == 24 && l+1 < sizeof(daytime)) {
+ /* syslog timestamp has colon in time zone, %z may be empty */
+ daytime[l+1] = '\0';
+ daytime[l+0] = daytime[l-1];
+ daytime[l-1] = daytime[l-2];
+ daytime[l-2] = ':';
+ }
/* Let's get our hostname */
(void)gethostname(hostname, sizeof(hostname));
