Re: Changes in the syslog date format?

2022-11-05 Thread Greg Wooledge 
On Sat, Nov 05, 2022 at 05:12:40PM +0100, local10 wrote:
> Nov 5, 2022, 15:30 by g...@wooledge.org:
> 
> >> > > local10 wrote:
> >> > > 
> >> > > > Any ideas as to get the old syslog date format back?
> >>
> >
> > What caused a change?
> >
> 
> 
> Who knows? I suspect   [UPGRADE] rsyslog:amd64 8.2210.0-1 -> 8.2210.0-3 that 
> happened around November 4, 2022.

https://metadata.ftp-master.debian.org/changelogs//main/r/rsyslog/rsyslog_8.2210.0-3_changelog

rsyslog (8.2210.0-3) unstable; urgency=medium
[...]
  * Enable high precision timestamps with timezone information.
Use the default rsyslog file format, which provides several benefits
like:
- sortable
- time zone information
- sub-second time resolution

Testing and unstable users ought to expect changes, and they ought to
be self-aware enough to include "I'm running testing" in their emails.

[SOLVED] Re: Changes in the syslog date format?

2022-11-05 Thread local10 
Nov 5, 2022, 14:53 by j...@k4vqc.com:

> On Sat, 2022-11-05 at 11:34 +0100, local10 wrote:
>
>> Nov 5, 2022, 09:55 by scdbac...@gmx.net:
>>
>> > Hi,
>> > 
>> > local10 wrote:
>> > 
>> > > Any ideas as to get the old syslog date format back?
>> > > 
>> > 
>> > The internet points to /etc/rsyslog.conf and in there:
>> > 
>> >  #
>> >  # Use traditional timestamp format.
>> >  # To enable high precision timestamps, comment out the following line.
>> >  #
>> >  $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>> > 
>>
>>
>> Doesn't seem to work for me.
>>
>
> Didn't work for me earlier.  To fix this I had to add
>
> $template normal,"<%PRI%>%TIMESTAMP% %syslogtag%%msg%"
>


Got it working. Apparently, the $ActionFileDefaultTemplate directive is place 
sensitive and must be placed under the the GLOBAL DIRECTIVES section. Didn't 
work for me when it was placed at the end of rsyslog.conf file. Pretty strange.

###
 GLOBAL DIRECTIVES 
###

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

## Enable old syslog date format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat



Thanks to everyone who responded.

Re: Changes in the syslog date format?

2022-11-05 Thread Greg Wooledge 
> > > local10 wrote:
> > > 
> > > > Any ideas as to get the old syslog date format back?

What caused a change?  What version of Debian are you running?  What
happened on the date in question (November 4) -- were some packages
updated?  Which ones?

Here in Debian 11 (bullseye), I see no such change.


Nov  5 11:25:01 unicorn CRON[1581849]: (root) CMD (command -v debian-sa1 > 
/dev/null && debian-sa1 1 1)


My /etc/rsyslog.conf contains the incredibly long and awkward line
in question.


###
 GLOBAL DIRECTIVES 
###

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

Re: Changes in the syslog date format?

2022-11-05 Thread Jim Popovitch 
On Sat, 2022-11-05 at 11:34 +0100, local10 wrote:
> Nov 5, 2022, 09:55 by scdbac...@gmx.net:
> 
> > Hi,
> > 
> > local10 wrote:
> > 
> > > Any ideas as to get the old syslog date format back?
> > > 
> > 
> > The internet points to /etc/rsyslog.conf and in there:
> > 
> >  #
> >  # Use traditional timestamp format.
> >  # To enable high precision timestamps, comment out the following line.
> >  #
> >  $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> > 
> 
> 
> Doesn't seem to work for me.

Didn't work for me earlier.  To fix this I had to add

$template normal,"<%PRI%>%TIMESTAMP% %syslogtag%%msg%"


Who thought of adding "[localhost]" in the middle of all new syslog
lines, and why didn't they coordinate with the logcheck team?

-Jim P.

Re: Changes in the syslog date format?

2022-11-05 Thread local10 
Nov 5, 2022, 09:55 by scdbac...@gmx.net:

> Hi,
>
> local10 wrote:
>
>> Any ideas as to get the old syslog date format back?
>>
>
> The internet points to /etc/rsyslog.conf and in there:
>
>  #
>  # Use traditional timestamp format.
>  # To enable high precision timestamps, comment out the following line.
>  #
>  $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>


Doesn't seem to work for me.


I didn't have "$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat" line 
in the /etc/rsyslog.conf file so I added it but it didn't change the syslog 
date format for some reason:

# cat /etc/rsyslog.conf 
...
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat



# systemctl restart rsyslog.service
#
# systemctl status  rsyslog.service
● rsyslog.service - System Logging Service
 Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; preset: 
enabled)
 Active: active (running) since Sat 2022-11-05 06:25:57 EDT; 5s ago
TriggeredBy: ● syslog.socket
   Docs: man:rsyslogd(8)
 man:rsyslog.conf(5)
 https://www.rsyslog.com/doc/
   Main PID: 157593 (rsyslogd)
  Tasks: 4 (limit: 8813)
 Memory: 2.7M
    CPU: 6ms
 CGroup: /system.slice/rsyslog.service 
 └─157593 /usr/sbin/rsyslogd -n -iNONE

Nov 05 06:25:57 tst systemd[1]: rsyslog.service: Deactivated successfully.
Nov 05 06:25:57 tst systemd[1]: Stopped System Logging Service.
Nov 05 06:25:57 tst rsyslogd[157593]: imuxsock: Acquired UNIX socket 
'/run/systemd/journal/syslog' (fd 3) from systemd.  [v8.2210.0]
Nov 05 06:25:57 tst systemd[1]: Starting System Logging Service...
Nov 05 06:25:57 tst rsyslogd[157593]: [origin software="rsyslogd" 
swVersion="8.2210.0" x-pid="157593" x-info="https://www.rsyslog.com;] start
Nov 05 06:25:57 tst systemd[1]: Started System Logging Service.



# cat /var/log/syslog
...
2022-11-05T06:25:57.617308-04:00 tst systemd[1]: Stopping System Logging 
Service...
2022-11-05T06:25:57.672637-04:00 tst systemd[1]: rsyslog.service: Deactivated 
successfully.
2022-11-05T06:25:57.672835-04:00 tst rsyslogd: [origin software="rsyslogd" 
swVersion="8.2210.0" x-pid="157518" x-info="https://www.rsyslog.com;] exiting 
on signal 15.
2022-11-05T06:25:57.672895-04:00 tst systemd[1]: Stopped System Logging Service.
2022-11-05T06:25:57.673264-04:00 tst rsyslogd: imuxsock: Acquired UNIX socket 
'/run/systemd/journal/syslog' (fd 3) from systemd.  [v8.2210.0]
2022-11-05T06:25:57.673332-04:00 tst systemd[1]: Starting System Logging 
Service...
2022-11-05T06:25:57.673386-04:00 tst rsyslogd: [origin software="rsyslogd" 
swVersion="8.2210.0" x-pid="157593" x-info="https://www.rsyslog.com;] start
2022-11-05T06:25:57.673437-04:00 tst systemd[1]: Started System Logging Service.



Regards,

Re: Changes in the syslog date format?

2022-11-05 Thread Thomas Schmitt 
Hi,

local10 wrote:
> Any ideas as to get the old syslog date format back?

The internet points to /etc/rsyslog.conf and in there:

  #
  # Use traditional timestamp format.
  # To enable high precision timestamps, comment out the following line.
  #
  $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

In
  https://www.rsyslog.com/doc/v8-stable/configuration/templates.html
i read:
  RSYSLOG_TraditionalFileFormat - The “old style” default log file format
  with low-precision timestamps.


Have a nice day :)

Thomas

Changes in the syslog date format?

2022-11-05 Thread local10 
Hi,

It looks like the syslog date format has changed for some reason (see below) 
and the change is definitely less readable for me. The change maybe related to 
the rsyslog upgrade that happened around November 4, 2022:

    [UPGRADE] rsyslog:amd64 8.2210.0-1 -> 8.2210.0-3

Any ideas as to get the old syslog date format back?

Regards,


Nov  4 03:26:23 [localhost] systemd[1]: Reloading.  ## how syslog records 
used to look
2022-11-04T03:26:24.151066-04:00 tst systemd[1]: Stopping System Logging 
Service... ## how syslog records look now
2022-11-04T03:26:24.297040-04:00 tst rsyslogd: [origin software="rsyslogd" 
swVersion="8.2210.0" x-pid="463" x-info="https://www.rsyslog.com;] exiting on 
signal 15.