I have multiple servers running Centos 5.5 or later, some of them have syslogs with date stamps like:
Sep 1 05:12:36
and some of them like:
2011-09-04T09:21:42.442689-07:00.
I would really like to get them all the same so the same analysis scripts can be used, but I have not been able to identify where the date formatting is set. Someone please help. I have already spent much to much time on this. Thanks
Jump to PostThe way the logs are written to is determined by the application doing the writing. Normally there are entries in the application conf file to tell it how to make entries in the log.
The way the logs are written to is determined by the application doing the writing. Normally there are entries in the application conf file to tell it how to make entries in the log.
The way the logs are written to is determined by the application doing the writing. Normally there are entries in the application conf file to tell it how to make entries in the log.
I much appreciate your taking the time to reply, and I guess your info was correct for application logs, but I was asking about syslogs. I have since discovered:
http://www.rsyslog.com/doc/rsyslog_conf_templates.html
Template names beginning with "RSYSLOG_" are reserved for rsyslog use. Do NOT use them if, otherwise you may receive a conflict in the future (and quite unpredictable behaviour). There is a small set of pre-defined templates that you can use without the need to define it:
RSYSLOG_TraditionalFileFormat - the "old style" default log file format with low-precision timestamps
RSYSLOG_FileFormat - a modern-style logfile format similar to TraditionalFileFormat, buth with high-precision timestamps and timezone information
RSYSLOG_TraditionalForwardFormat - the traditional forwarding format with low-precision timestamps. Most useful if you send messages to other syslogd's or rsyslogd below version 3.12.5.
RSYSLOG_ForwardFormat - a new high-precision forwarding format very similar to the traditional one, but with high-precision timestamps and timezone information. Recommended to be used when sending messages to rsyslog 3.12.5 or above.
RSYSLOG_SyslogProtocol23Format - the format specified in IETF's internet-draft ietf-syslog-protocol-23, which is assumed to be come the new syslog standard RFC. This format includes several improvements. The rsyslog message parser understands this format, so you can use it together with all relatively recent versions of rsyslog. Other syslogd's may get hopelessly confused if receiving that format, so check before you use it. Note that the format is unlikely to change when the final RFC comes out, but this may happen.
RSYSLOG_DebugFormat - a special format used for troubleshooting property problems. This format is meant to be written to a log file. Do not use for production or remote forwarding.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.