syslog and setting new date format

Latest response

I am running RHEL7.2. Syslog version 7.4.7. I'd like to change the date format in syslog files from default to:

YY/DOY (Where YY is two-digit year, and DOY is Day Of Year).

I am struggling with the syslog man pages. I know I can create a custom template in syslog.conf, but what format do I use?

John Clark's picture
Log in to join the conversation

Responses

SM Guru 7056 points
31 March 2017 7:25 PM

Yes, even I was trying to change the date format and after some research in google and with help of "rsyslog" man page, I was able to change the format. You would need to define a separate template for this and make message files or whichever directive to use this template instead of default.

So, initially I wanted the log files to print date in this format "31-Mar-2017 14:59:20... XXXXXXXXXXX", hence, I went and added a custom template in /etc/rsyslog.conf file as below:

#$template MyTemplate,"%$DAY%-%$MONTH%-%$YEAR% %$HOUR%.%$MINUTE% %HOSTNAME% %syslogtag% %msg%\n"

And then added custom template name to messages file as shown below:

*.info;mail.none;authpriv.none;cron.none                /var/log/messages;MyTemplate

Later, restarted rsyslog daemon and I could see log files modified, however, not as per my expectations. Sample output is pasted here:

31-03-2017 15.04 ftp-server kernel: imklog 5.8.10, log source = /proc/kmsg started.
31-03-2017 15.04 ftp-server rsyslogd:  [origin software="rsyslogd" swVersion="5.8.10" x-pid="19304" x-info="http://www.rsyslog.com"] start
31-03-2017 15.04 ftp-server root:  testing

So, it was not as I expected. I got help from this site http://lists.adiscon.net/pipermail/rsyslog/2013-January/031503.html and later I was able to make modifications to the template as shown here to get the deisred format output:

$template MyTemplate,"%$day%-%timegenerated:1:3:date-rfc3164%-%$year% %timegenerated:12:19:date-rfc3339% %HOSTNAME% %syslogtag% %msg%\n"

After restart of the rsyslog daemon then I could see log files generated with the format that I expected, as pasted below:

31-Mar-2017 15:09:31 ftp-server kernel: imklog 5.8.10, log source = /proc/kmsg started.
31-Mar-2017 15:09:31 ftp-server rsyslogd:  [origin software="rsyslogd" swVersion="5.8.10" x-pid="19368" x-info="http://www.rsyslog.com"] start
31-Mar-2017 15:09:32 ftp-server root:  testing

I hope this would certainly give you hints you should be able to generate log files as per your requirements, something similar to this one:

$template MyTemplate,"%$year%/%timegenerated:1:3:date-rfc3164%/%$day% %HOSTNAME% %syslogtag% %msg%\n"
John Clark's picture Community Member 27 points
19 May 2017 10:28 PM

Sadashiva, This certainly is extremely helpful for me, thank you. However, I am struggling to find the "Day Of Year" (DOY 1 - 366) within these formats. Are you or anyone else aware of how I can get a DOY into my timestamp?