On Sunday 26 July 2009 21:20:23 Modulok wrote:
> One would think that ISO 8601 date strings would make more sense, in
> addition not being language dependent. But I guess that's out.
It isn't too hard to convert on the fly. The real problem is that syslog
dates do not contain a year and timezone. The taillog program below sig
therefore may lie about the generated date. Most notably a year is
non-optional in ISO 8601.
Anyway, taillog is basically tail(1), except it shows the following:
% sudo taillog -2 /var/log/cron
2009-07-27 00:11:00-0800 smoochies /usr/sbin/cron[25808]: (operator) CMD
(/usr/libexec/save-entropy)
2009-07-27 00:15:00-0800 smoochies /usr/sbin/cron[25834]: (root) CMD
(/usr/libexec/atrun)
--
Mel
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# taillog/BSDmakefile
# taillog/taillog.c
#
echo x - taillog/BSDmakefile
sed 's/^X//' >taillog/BSDmakefile << 'f307a85b0a9ff60c11589de765a71b95'
X# $Coar: utils/taillog/BSDmakefile,v 1.1 2009/07/27 07:58:48 mel Exp $
XPROG=taillog
XNO_MAN=yes
X
X.include
f307a85b0a9ff60c11589de765a71b95
echo x - taillog/taillog.c
sed 's/^X//' >taillog/taillog.c << '4c238c819ad69dd9d8586db323e29997'
X/*
X * vim: ts=4 sw=4 fdm=marker tw=78 ai noet
X * Copyright (c) 2009 Mel Flynn
X * All rights reserved.
X *
X * Redistribution and use in source and binary forms, with or without
X * modification, are permitted provided that the following conditions
X * are met:
X * 1. Redistributions of source code must retain the above copyright
X *notice, this list of conditions and the following disclaimer.
X * 2. Redistributions in binary form must reproduce the above copyright
X *notice, this list of conditions and the following disclaimer in the
X *documentation and/or other materials provided with the distribution.
X *
X * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X * SUCH DAMAGE.
X *
X * Taillog: tail(1) helper that converts syslog date format to ISO-8601.
X */
X#include
X__FBSDID("$Coar: utils/taillog/taillog.c,v 1.1 2009/07/27 07:58:48 mel Exp $");
X
X#include
X#include
X#include
X#include
X#include
X
X#include
X#include
X#include
X#include
X
X#include
X#include
X
X#define TAIL "/usr/bin/tail"
X
Xstatic inline void init_tp(const struct tm *now, struct tm *tp);
X
Xint main(int argc, char **argv)
X{
X pid_t pid;
X int fildes[2], res;
X struct tm *now;
X time_t clock;
X
X tzset();
X clock = time(NULL);
X now = localtime(&clock);
X
X res = pipe(fildes);
X if( (pid = fork()) == 0 ) /* Child */
X {
X close(fildes[0]);
X if( dup2(fildes[1], STDOUT_FILENO) < 0 )
X err(EX_OSERR, "dup2()");
X argv[0] = strdup(TAIL);
X if( (res = execv(TAIL, argv)) < 0 )
X err(EX_OSERR, "Failed to run tail");
X }
X else if( pid > 0 ) /* Parent */
X {
X char buf[BUFSIZ];
X FILE *in;
X
X close(fildes[1]);
X if( (in = fdopen(fildes[0], "r")) == NULL )
X err(EX_OSERR, "fdopen()");
X
X while( fgets(buf, BUFSIZ, in) != NULL )
X {
X struct tm tp;
X size_t len = strlen(buf);
X char *ptr, tbuf[32];
X
X init_tp(now, &tp);
X ptr = strptime(buf, "%b %e %T", &tp);
X if( ptr == NULL )
X {
X warnx("Line does not start with syslog date");
X printf("%s", buf);
X }
X else
X {
X if( strftime(tbuf, sizeof(tbuf), "%Y-%m-%d
%H:%M:%S%z", &tp) == 0 )
X