> -----Original Message----- > From: Simon Josefsson [mailto:[email protected]] > Sent: Thursday, November 11, 2010 5:25 PM > To: Rainer Gerhards > Cc: Chris Lonvick; [email protected] > Subject: Re: Small draft for Syslog File Storage? > > "Rainer Gerhards" <[email protected]> writes: > > >> -----Original Message----- > >> From: Chris Lonvick [mailto:[email protected]] > >> Sent: Thursday, November 11, 2010 5:19 PM > >> To: Simon Josefsson > >> Cc: Rainer Gerhards; [email protected] > >> Subject: Re: [Syslog] Small draft for Syslog File Storage? > >> > >> Hi Simon, > >> > >> On Wed, 10 Nov 2010, Simon Josefsson wrote: > >> > Oh, and please use a timestamp format that embeds the year! How > >> about > >> > the RFC 3339 format? I hate how it is impossible to know what > year a > >> > log entry was written on modern Linux systems. > >> > >> Take a look at RFC 5424. The timestamp is from RFC 3339. > > > > Sorry for the silence today. I am currently working very hard on very > complex > > code for log normalization. > > > > But one thing quickly: the timestamp is a typical example of how the > real > > world is hesitant to change. Rsyslog has become the default syslogd > on almost > > all modern linux distros. Rsyslog emits RFC3339 stamps be default, > and also > > uses them by default inside log files. But *all* distros have > configured it > > to use the old-style timestamp... > > Yes, and that is annoying. Using the RFC 3339 format for stored data > seems like the obvious choice if this is what RFC 5424 is using > already.
Actually, I made the switch in rsyslog roughly 4 to 5 years ago, even before we had RFC5424... :( Rainer _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog
