Menu
Is there anyway we can change the date format in a particular log file being logged to by syslog? I don't want to change the way all logs are being logged, but just by log file.
EDIT: I'm using syslogd (in FreeBSD)
This is how my file looks like now:
Dec 5 07:52:10 Log data 1
Dec 5 07:52:10 Log data 2
Dec 5 07:52:10 Log data 3
This is how I want it to look like:
20131205 07:52:10 Log data 1
20131205 07:52:10 Log data 2
20131205 07:52:10 Log data 3
My syslog.conf looks like this, where /var/log/my_log.log is my logfile:
+@
*.notice;local0.none;local1.none;local2.none;authpriv.none;kern.debug;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
ftp.info /var/log/xferlog
cron.* /var/log/cron
*.=debug /var/log/debug.log
console.info /var/log/console.log
local1.info /var/log/my_log.log
847
The Syslog Format A Syslog message has the following format: A header, followed by structured-data (SD), followed by a message.
System Logging Protocol (Syslog) is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.
Rsyslog is mainly available for Linux and recently for Solaris. The syslog-ng application is highly portable and available for many more platforms including AIX, HP-UX, Linux, Solaris, Tru64 and most variants of BSD. This makes syslog-ng more suitable for sites with diverse platforms.
Even if you found a different solution, I give an answer for others.
Edit your syslog configuration file (On Debian for example: /etc/syslog-ng/syslog-ng.conf).
Then declare a new template like this :
template template_date_format {
template("${YEAR}-${MONTH}-${DAY} ${HOUR}:${MIN}:${SEC} ${HOST} ${MSGHDR}${MSG}\n");
template_escape(no);
};
This is an example but you can use different macros according to syslog documentation linked in user9645's answer.
After that, find in this configuration file, all the files you want to change the output format and apply this template to them.
For example, I want to change /var/log/auth.log output format, then I change :
destination d_auth { file("/var/log/auth.log"); };
to :
destination d_auth { file("/var/log/auth.log" template(template_date_format)); };
Then restart syslog (service syslog-ng restart) and try a login to see the changes in your auth.log.
185
I had the same issue using FreeBSD 9.2 and Zabbix system monitor GUI which cannot handle things like 'Jan' or 'Feb' in the date stamp (!) on the system log messages.
What I did was install the sysutils/syslog-ng port, and use the convert-syslogconf.awk script to migrate my /etc/syslog.conf to /usr/local/etc/syslog-ng.conf (which thankfully seemed to work well with even a fairly complex config) and added this custom formatting template to all the file() destinations:
template t_msgfmt {
template("${ISODATE} ${HOST} ${FACILITY} ${LEVEL} ${MSGHDR}${MSG}\n");
template_escape(no);
};
You can find (lots) more formatting info in the syslog-ng manual section 11.1. It is working good for me (so far) hope it helps you!
45
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
