Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Changes in the syslog date format?
681 views
Skip to first unread message
local10
Nov 5, 2022, 5:40:06 AM11/5/22
to
Hi,
It looks like the syslog date format has changed for some reason (see below) and the change is definitely less readable for me. The change maybe related to the rsyslog upgrade that happened around November 4, 2022:
[UPGRADE] rsyslog:amd64 8.2210.0-1 -> 8.2210.0-3
Any ideas as to get the old syslog date format back?
Regards,
Nov 4 03:26:23 [localhost] systemd[1]: Reloading. ## how syslog records used to look
2022-11-04T03:26:24.151066-04:00 tst systemd[1]: Stopping System Logging Service... ## how syslog records look now
2022-11-04T03:26:24.297040-04:00 tst rsyslogd: [origin software="rsyslogd" swVersion="8.2210.0" x-pid="463" x-info="https://www.rsyslog.com"] exiting on signal 15.
It looks like the syslog date format has changed for some reason (see below) and the change is definitely less readable for me. The change maybe related to the rsyslog upgrade that happened around November 4, 2022:
[UPGRADE] rsyslog:amd64 8.2210.0-1 -> 8.2210.0-3
Any ideas as to get the old syslog date format back?
Regards,
Nov 4 03:26:23 [localhost] systemd[1]: Reloading. ## how syslog records used to look
2022-11-04T03:26:24.151066-04:00 tst systemd[1]: Stopping System Logging Service... ## how syslog records look now
2022-11-04T03:26:24.297040-04:00 tst rsyslogd: [origin software="rsyslogd" swVersion="8.2210.0" x-pid="463" x-info="https://www.rsyslog.com"] exiting on signal 15.
Thomas Schmitt
Nov 5, 2022, 6:00:05 AM11/5/22
to
Hi,
local10 wrote:
> Any ideas as to get the old syslog date format back?
The internet points to /etc/rsyslog.conf and in there:
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
In
https://www.rsyslog.com/doc/v8-stable/configuration/templates.html
i read:
RSYSLOG_TraditionalFileFormat - The “old style” default log file format
with low-precision timestamps.
Have a nice day :)
Thomas
local10 wrote:
> Any ideas as to get the old syslog date format back?
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
In
https://www.rsyslog.com/doc/v8-stable/configuration/templates.html
i read:
RSYSLOG_TraditionalFileFormat - The “old style” default log file format
with low-precision timestamps.
Have a nice day :)
Thomas
local10
Nov 5, 2022, 6:40:05 AM11/5/22
to
Nov 5, 2022, 09:55 by scdb...@gmx.net:
> Hi,
>
> local10 wrote:
>
>> Any ideas as to get the old syslog date format back?
>>
>
> The internet points to /etc/rsyslog.conf and in there:
>
> #
> # Use traditional timestamp format.
> # To enable high precision timestamps, comment out the following line.
> #
> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>
Doesn't seem to work for me.
I didn't have "$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat" line in the /etc/rsyslog.conf file so I added it but it didn't change the syslog date format for some reason:
# cat /etc/rsyslog.conf
...
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# systemctl restart rsyslog.service
#
# systemctl status rsyslog.service
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; preset: enabled)
Active: active (running) since Sat 2022-11-05 06:25:57 EDT; 5s ago
TriggeredBy: ● syslog.socket
Docs: man:rsyslogd(8)
man:rsyslog.conf(5)
https://www.rsyslog.com/doc/
Main PID: 157593 (rsyslogd)
Tasks: 4 (limit: 8813)
Memory: 2.7M
CPU: 6ms
CGroup: /system.slice/rsyslog.service <http://system.slice/rsyslog.service>
└─157593 /usr/sbin/rsyslogd -n -iNONE
Nov 05 06:25:57 tst systemd[1]: rsyslog.service: Deactivated successfully.
Nov 05 06:25:57 tst systemd[1]: Stopped System Logging Service.
Nov 05 06:25:57 tst rsyslogd[157593]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2210.0]
Nov 05 06:25:57 tst systemd[1]: Starting System Logging Service...
Nov 05 06:25:57 tst rsyslogd[157593]: [origin software="rsyslogd" swVersion="8.2210.0" x-pid="157593" x-info="https://www.rsyslog.com"] start
Nov 05 06:25:57 tst systemd[1]: Started System Logging Service.
# cat /var/log/syslog
...
2022-11-05T06:25:57.617308-04:00 tst systemd[1]: Stopping System Logging Service...
2022-11-05T06:25:57.672637-04:00 tst systemd[1]: rsyslog.service: Deactivated successfully.
2022-11-05T06:25:57.672835-04:00 tst rsyslogd: [origin software="rsyslogd" swVersion="8.2210.0" x-pid="157518" x-info="https://www.rsyslog.com"] exiting on signal 15.
2022-11-05T06:25:57.672895-04:00 tst systemd[1]: Stopped System Logging Service.
2022-11-05T06:25:57.673264-04:00 tst rsyslogd: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2210.0]
2022-11-05T06:25:57.673332-04:00 tst systemd[1]: Starting System Logging Service...
2022-11-05T06:25:57.673386-04:00 tst rsyslogd: [origin software="rsyslogd" swVersion="8.2210.0" x-pid="157593" x-info="https://www.rsyslog.com"] start
2022-11-05T06:25:57.673437-04:00 tst systemd[1]: Started System Logging Service.
Regards,
> Hi,
>
> local10 wrote:
>
>> Any ideas as to get the old syslog date format back?
>>
>
> The internet points to /etc/rsyslog.conf and in there:
>
> #
> # Use traditional timestamp format.
> # To enable high precision timestamps, comment out the following line.
> #
> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>
I didn't have "$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat" line in the /etc/rsyslog.conf file so I added it but it didn't change the syslog date format for some reason:
# cat /etc/rsyslog.conf
...
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# systemctl restart rsyslog.service
#
# systemctl status rsyslog.service
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; preset: enabled)
Active: active (running) since Sat 2022-11-05 06:25:57 EDT; 5s ago
TriggeredBy: ● syslog.socket
Docs: man:rsyslogd(8)
man:rsyslog.conf(5)
https://www.rsyslog.com/doc/
Main PID: 157593 (rsyslogd)
Tasks: 4 (limit: 8813)
Memory: 2.7M
CPU: 6ms
CGroup: /system.slice/rsyslog.service <http://system.slice/rsyslog.service>
└─157593 /usr/sbin/rsyslogd -n -iNONE
Nov 05 06:25:57 tst systemd[1]: rsyslog.service: Deactivated successfully.
Nov 05 06:25:57 tst systemd[1]: Stopped System Logging Service.
Nov 05 06:25:57 tst rsyslogd[157593]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2210.0]
Nov 05 06:25:57 tst systemd[1]: Starting System Logging Service...
Nov 05 06:25:57 tst rsyslogd[157593]: [origin software="rsyslogd" swVersion="8.2210.0" x-pid="157593" x-info="https://www.rsyslog.com"] start
Nov 05 06:25:57 tst systemd[1]: Started System Logging Service.
# cat /var/log/syslog
...
2022-11-05T06:25:57.617308-04:00 tst systemd[1]: Stopping System Logging Service...
2022-11-05T06:25:57.672637-04:00 tst systemd[1]: rsyslog.service: Deactivated successfully.
2022-11-05T06:25:57.672835-04:00 tst rsyslogd: [origin software="rsyslogd" swVersion="8.2210.0" x-pid="157518" x-info="https://www.rsyslog.com"] exiting on signal 15.
2022-11-05T06:25:57.672895-04:00 tst systemd[1]: Stopped System Logging Service.
2022-11-05T06:25:57.673264-04:00 tst rsyslogd: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2210.0]
2022-11-05T06:25:57.673332-04:00 tst systemd[1]: Starting System Logging Service...
2022-11-05T06:25:57.673386-04:00 tst rsyslogd: [origin software="rsyslogd" swVersion="8.2210.0" x-pid="157593" x-info="https://www.rsyslog.com"] start
2022-11-05T06:25:57.673437-04:00 tst systemd[1]: Started System Logging Service.
Regards,
Jim Popovitch
Nov 5, 2022, 11:10:07 AM11/5/22
to
On Sat, 2022-11-05 at 11:34 +0100, local10 wrote:
> Nov 5, 2022, 09:55 by scdb...@gmx.net:
>
> > Hi,
> >
> > local10 wrote:
> >
> > > Any ideas as to get the old syslog date format back?
> > >
> >
> > The internet points to /etc/rsyslog.conf and in there:
> >
> > #
> > # Use traditional timestamp format.
> > # To enable high precision timestamps, comment out the following line.
> > #
> > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> >
>
>
> Doesn't seem to work for me.
Didn't work for me earlier. To fix this I had to add
> Nov 5, 2022, 09:55 by scdb...@gmx.net:
>
> > Hi,
> >
> > local10 wrote:
> >
> > > Any ideas as to get the old syslog date format back?
> > >
> >
> > The internet points to /etc/rsyslog.conf and in there:
> >
> > #
> > # Use traditional timestamp format.
> > # To enable high precision timestamps, comment out the following line.
> > #
> > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> >
>
>
> Doesn't seem to work for me.
$template normal,"<%PRI%>%TIMESTAMP% %syslogtag%%msg%"
Who thought of adding "[localhost]" in the middle of all new syslog
lines, and why didn't they coordinate with the logcheck team?
-Jim P.
Greg Wooledge
Nov 5, 2022, 11:40:06 AM11/5/22
to
> > > local10 wrote:
> > >
> > > > Any ideas as to get the old syslog date format back?
What caused a change? What version of Debian are you running? What
> > >
> > > > Any ideas as to get the old syslog date format back?
happened on the date in question (November 4) -- were some packages
updated? Which ones?
Here in Debian 11 (bullseye), I see no such change.
Nov 5 11:25:01 unicorn CRON[1581849]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
My /etc/rsyslog.conf contains the incredibly long and awkward line
in question.
###########################
#### GLOBAL DIRECTIVES ####
###########################
local10
Nov 5, 2022, 12:30:05 PM11/5/22
to
Nov 5, 2022, 14:53 by j...@k4vqc.com:
> On Sat, 2022-11-05 at 11:34 +0100, local10 wrote:
>
>> Nov 5, 2022, 09:55 by scdb...@gmx.net:
>>
>> > Hi,
>> >
>> > local10 wrote:
>> >
>> > > Any ideas as to get the old syslog date format back?
>> > >
>> >
>> > The internet points to /etc/rsyslog.conf and in there:
>> >
>> > #
>> > # Use traditional timestamp format.
>> > # To enable high precision timestamps, comment out the following line.
>> > #
>> > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>> >
>>
>>
>> Doesn't seem to work for me.
>>
>
> Didn't work for me earlier. To fix this I had to add
>
> $template normal,"<%PRI%>%TIMESTAMP% %syslogtag%%msg%"
>
Got it working. Apparently, the $ActionFileDefaultTemplate directive is place sensitive and must be placed under the the GLOBAL DIRECTIVES section. Didn't work for me when it was placed at the end of rsyslog.conf file. Pretty strange.
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
## Enable old syslog date format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
Thanks to everyone who responded.
> On Sat, 2022-11-05 at 11:34 +0100, local10 wrote:
>
>> Nov 5, 2022, 09:55 by scdb...@gmx.net:
>>
>> > Hi,
>> >
>> > local10 wrote:
>> >
>> > > Any ideas as to get the old syslog date format back?
>> > >
>> >
>> > The internet points to /etc/rsyslog.conf and in there:
>> >
>> > #
>> > # Use traditional timestamp format.
>> > # To enable high precision timestamps, comment out the following line.
>> > #
>> > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>> >
>>
>>
>> Doesn't seem to work for me.
>>
>
> Didn't work for me earlier. To fix this I had to add
>
> $template normal,"<%PRI%>%TIMESTAMP% %syslogtag%%msg%"
>
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
## Enable old syslog date format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
Thanks to everyone who responded.
Greg Wooledge
Nov 5, 2022, 12:30:05 PM11/5/22
to
On Sat, Nov 05, 2022 at 05:12:40PM +0100, local10 wrote:
> Nov 5, 2022, 15:30 by gr...@wooledge.org:
https://metadata.ftp-master.debian.org/changelogs//main/r/rsyslog/rsyslog_8.2210.0-3_changelog
rsyslog (8.2210.0-3) unstable; urgency=medium
[...]
* Enable high precision timestamps with timezone information.
Use the default rsyslog file format, which provides several benefits
like:
- sortable
- time zone information
- sub-second time resolution
Testing and unstable users ought to expect changes, and they ought to
be self-aware enough to include "I'm running testing" in their emails.
> Nov 5, 2022, 15:30 by gr...@wooledge.org:
>
> >> > > local10 wrote:
> >> > >
> >> > > > Any ideas as to get the old syslog date format back?
> >>
> >
> > What caused a change?
> >
>
>
> Who knows? I suspect [UPGRADE] rsyslog:amd64 8.2210.0-1 -> 8.2210.0-3 that happened around November 4, 2022.
> >> > > local10 wrote:
> >> > >
> >> > > > Any ideas as to get the old syslog date format back?
> >>
> >
> > What caused a change?
> >
>
>
https://metadata.ftp-master.debian.org/changelogs//main/r/rsyslog/rsyslog_8.2210.0-3_changelog
rsyslog (8.2210.0-3) unstable; urgency=medium
[...]
* Enable high precision timestamps with timezone information.
Use the default rsyslog file format, which provides several benefits
like:
- sortable
- time zone information
- sub-second time resolution
Testing and unstable users ought to expect changes, and they ought to
be self-aware enough to include "I'm running testing" in their emails.
0 new messages