Why does the syslog timestamp not include a year?2019 Community Moderator Election(L)ubuntu 12.04 syslog to custom file (not /var/log/syslog but /var/log/mylog) - ubuntu 12.04What is the local6 (and all other local#) facilities in syslog?Why Linux syslog file does not follow the RFC3339 protocol?Why does rsyslogd not honor the following lines in rsyslog.ddansguardian not using syslogWhy does abrt take over log output for a process that didn't crash?how to have syslog not log particular warnings?Changing the Facility of outgoing syslog message using rsyslog configurationSystemd Python service not sending all output to syslogAdding the related username to syslog logging
Recommended PCB layout understanding - ADM2572 datasheet
Has any country ever had 2 former presidents in jail simultaneously?
What are the advantages of simplicial model categories over non-simplicial ones?
How to align my equation to left?
Plot of a tornado-shaped surface
Do we have to expect a queue for the shuttle from Watford Junction to Harry Potter Studio?
Multiplicative persistence
How can I write humor as character trait?
Why does the Sun have different day lengths, but not the gas giants?
How can I avoid dust and bubbles when installing window film?
How to create table with 2D function values?
Why Shazam when there is already Superman?
Bridge building with irregular planks
Why can Carol Danvers change her suit colours in the first place?
How could a planet have erratic days?
Why do Radio Buttons not fill the entire outer circle?
Open a doc from terminal, but not by its name
Does IPv6 have similar concept of network mask?
What to do when eye contact makes your subordinate uncomfortable?
Why is short-wave infrared portion of electromagnetic spectrum so sensitive to fire?
A binary search solution to 3Sum
User Story breakdown - Technical Task + User Feature
Does an advisor owe his/her student anything? Will an advisor keep a PhD student only out of pity?
Quasinilpotent , non-compact operators
Why does the syslog timestamp not include a year?
2019 Community Moderator Election(L)ubuntu 12.04 syslog to custom file (not /var/log/syslog but /var/log/mylog) - ubuntu 12.04What is the local6 (and all other local#) facilities in syslog?Why Linux syslog file does not follow the RFC3339 protocol?Why does rsyslogd not honor the following lines in rsyslog.ddansguardian not using syslogWhy does abrt take over log output for a process that didn't crash?how to have syslog not log particular warnings?Changing the Facility of outgoing syslog message using rsyslog configurationSystemd Python service not sending all output to syslogAdding the related username to syslog logging
I am planning to store some of my log messages for more than a year, but the syslog timestamp description from RFC3164 does not include a year in the timestamp portion of a log entry. An example timestamp that I found in my CentOS log messages is Mar 16 07:46:24.
RFC5424 is supposed to make RFC3164 obsolete, but it seems very common across operating systems to use a mmm dd date in logs. RFC5424 is six years old, so I am surprised it is not standard. Why wasn't a year included in RFC3164? Are logs meant to be very temporary? What is the reason for not including a year in logs today?
date syslog
edited Mar 16 '15 at 22:50
Gilles
543k12811011618
asked Mar 16 '15 at 17:34
Sean FaheySean Fahey
13615
add a comment |
I am planning to store some of my log messages for more than a year, but the syslog timestamp description from RFC3164 does not include a year in the timestamp portion of a log entry. An example timestamp that I found in my CentOS log messages is Mar 16 07:46:24.
RFC5424 is supposed to make RFC3164 obsolete, but it seems very common across operating systems to use a mmm dd date in logs. RFC5424 is six years old, so I am surprised it is not standard. Why wasn't a year included in RFC3164? Are logs meant to be very temporary? What is the reason for not including a year in logs today?
date syslog
edited Mar 16 '15 at 22:50
Gilles
543k12811011618
asked Mar 16 '15 at 17:34
Sean FaheySean Fahey
13615
From a practical point of view, if you rotate logfiles, additional information is available from the filename or file metadata of the rotated file.
– Ulrich Schwarz
Mar 16 '15 at 17:54
will the log file's creation date not help?
– Milind Dumbare
Mar 16 '15 at 17:59
4
I suspect "compatibility with 35 years' worth of BSD-style syslog logs" is the reason, but have no documented proof. When you eventually switch tosystemd(resistance is futile), you can usejournalctl's-o short-isooption to get real ISO 8601 timestamps.
– Mark Plotnick
Mar 16 '15 at 18:08
@MilindDumbare alas, the log file's creation date is not reliable. Log files may be copied prior to analysis. Also, syslog allows messages to be moved from machine-to-machine, so the creation date on the machine where the syslog messages are collected may have nothing to do with where they were sent. They may even be collected in a database, and not in a file.
– vy32
Dec 20 '18 at 21:41
Anyone looking for a reference can certainly use @MarkPlotnick as a reference. He's been around a while, too... See: books.google.com/…
– vy32
Dec 20 '18 at 21:43
add a comment |
I am planning to store some of my log messages for more than a year, but the syslog timestamp description from RFC3164 does not include a year in the timestamp portion of a log entry. An example timestamp that I found in my CentOS log messages is Mar 16 07:46:24.
RFC5424 is supposed to make RFC3164 obsolete, but it seems very common across operating systems to use a mmm dd date in logs. RFC5424 is six years old, so I am surprised it is not standard. Why wasn't a year included in RFC3164? Are logs meant to be very temporary? What is the reason for not including a year in logs today?
date syslog
edited Mar 16 '15 at 22:50
Gilles
543k12811011618
asked Mar 16 '15 at 17:34
Sean FaheySean Fahey
13615
I am planning to store some of my log messages for more than a year, but the syslog timestamp description from RFC3164 does not include a year in the timestamp portion of a log entry. An example timestamp that I found in my CentOS log messages is Mar 16 07:46:24.
RFC5424 is supposed to make RFC3164 obsolete, but it seems very common across operating systems to use a mmm dd date in logs. RFC5424 is six years old, so I am surprised it is not standard. Why wasn't a year included in RFC3164? Are logs meant to be very temporary? What is the reason for not including a year in logs today?
date syslog
date syslog
edited Mar 16 '15 at 22:50
Gilles
543k12811011618
asked Mar 16 '15 at 17:34
Sean FaheySean Fahey
13615
edited Mar 16 '15 at 22:50
Gilles
543k12811011618
asked Mar 16 '15 at 17:34
Sean FaheySean Fahey
13615
edited Mar 16 '15 at 22:50
Gilles
543k12811011618
edited Mar 16 '15 at 22:50
Gilles
543k12811011618
edited Mar 16 '15 at 22:50
Gilles
543k12811011618
543k12811011618
asked Mar 16 '15 at 17:34
Sean FaheySean Fahey
13615
asked Mar 16 '15 at 17:34
Sean FaheySean Fahey
13615
asked Mar 16 '15 at 17:34
Sean FaheySean Fahey
13615
13615
From a practical point of view, if you rotate logfiles, additional information is available from the filename or file metadata of the rotated file.
– Ulrich Schwarz
Mar 16 '15 at 17:54
will the log file's creation date not help?
– Milind Dumbare
Mar 16 '15 at 17:59
4
I suspect "compatibility with 35 years' worth of BSD-style syslog logs" is the reason, but have no documented proof. When you eventually switch tosystemd(resistance is futile), you can usejournalctl's-o short-isooption to get real ISO 8601 timestamps.
– Mark Plotnick
Mar 16 '15 at 18:08
@MilindDumbare alas, the log file's creation date is not reliable. Log files may be copied prior to analysis. Also, syslog allows messages to be moved from machine-to-machine, so the creation date on the machine where the syslog messages are collected may have nothing to do with where they were sent. They may even be collected in a database, and not in a file.
– vy32
Dec 20 '18 at 21:41
Anyone looking for a reference can certainly use @MarkPlotnick as a reference. He's been around a while, too... See: books.google.com/…
– vy32
Dec 20 '18 at 21:43
add a comment |
From a practical point of view, if you rotate logfiles, additional information is available from the filename or file metadata of the rotated file.
– Ulrich Schwarz
Mar 16 '15 at 17:54
will the log file's creation date not help?
– Milind Dumbare
Mar 16 '15 at 17:59
4
I suspect "compatibility with 35 years' worth of BSD-style syslog logs" is the reason, but have no documented proof. When you eventually switch tosystemd(resistance is futile), you can usejournalctl's-o short-isooption to get real ISO 8601 timestamps.
– Mark Plotnick
Mar 16 '15 at 18:08
@MilindDumbare alas, the log file's creation date is not reliable. Log files may be copied prior to analysis. Also, syslog allows messages to be moved from machine-to-machine, so the creation date on the machine where the syslog messages are collected may have nothing to do with where they were sent. They may even be collected in a database, and not in a file.
– vy32
Dec 20 '18 at 21:41
Anyone looking for a reference can certainly use @MarkPlotnick as a reference. He's been around a while, too... See: books.google.com/…
– vy32
Dec 20 '18 at 21:43
From a practical point of view, if you rotate logfiles, additional information is available from the filename or file metadata of the rotated file.
– Ulrich Schwarz
Mar 16 '15 at 17:54
From a practical point of view, if you rotate logfiles, additional information is available from the filename or file metadata of the rotated file.
– Ulrich Schwarz
Mar 16 '15 at 17:54
will the log file's creation date not help?
– Milind Dumbare
Mar 16 '15 at 17:59
will the log file's creation date not help?
– Milind Dumbare
Mar 16 '15 at 17:59
4
4
I suspect "compatibility with 35 years' worth of BSD-style syslog logs" is the reason, but have no documented proof. When you eventually switch to
systemd (resistance is futile), you can use journalctl's -o short-iso option to get real ISO 8601 timestamps.– Mark Plotnick
Mar 16 '15 at 18:08
I suspect "compatibility with 35 years' worth of BSD-style syslog logs" is the reason, but have no documented proof. When you eventually switch to
systemd (resistance is futile), you can use journalctl's -o short-iso option to get real ISO 8601 timestamps.– Mark Plotnick
Mar 16 '15 at 18:08
@MilindDumbare alas, the log file's creation date is not reliable. Log files may be copied prior to analysis. Also, syslog allows messages to be moved from machine-to-machine, so the creation date on the machine where the syslog messages are collected may have nothing to do with where they were sent. They may even be collected in a database, and not in a file.
– vy32
Dec 20 '18 at 21:41
@MilindDumbare alas, the log file's creation date is not reliable. Log files may be copied prior to analysis. Also, syslog allows messages to be moved from machine-to-machine, so the creation date on the machine where the syslog messages are collected may have nothing to do with where they were sent. They may even be collected in a database, and not in a file.
– vy32
Dec 20 '18 at 21:41
Anyone looking for a reference can certainly use @MarkPlotnick as a reference. He's been around a while, too... See: books.google.com/…
– vy32
Dec 20 '18 at 21:43
Anyone looking for a reference can certainly use @MarkPlotnick as a reference. He's been around a while, too... See: books.google.com/…
– vy32
Dec 20 '18 at 21:43
add a comment |
2 Answers
2
active
oldest
votes
If you would like to add custom timestamps to your syslog output, it's perhaps best to use syslog-ng.
According to this post you could use ts_format() to specify the year in syslog-ng.
According to the syslog-ng.conf(5) man page:
The syslog-ng application has a number of global options governing DNS
usage, the timestamp format used, and other general points. Each
option may have parameters, similarly to driver specifications. To set
global options, add an option statement to the syslog-ng configuration
file using the following syntax:
options option1(params); option2(params); ... ;
edited May 23 '17 at 12:39
Community♦
1
answered Oct 7 '15 at 16:17
AppAraatAppAraat
88119
add a comment |
It doesn't include the year because the syslog format dates to the 1980s and programmers were less careful back then. Most log files were written for humans to read, not to be automatically parsed, and everybody knew what year it was.
answered Dec 20 '18 at 16:52
vy32vy32
1033
Do you have a reference for that, with a more specific date than "the 1980s"? (Section 5.1 of RFC3164 would be a good place to start.) As it stands, this answer is quite vague and looks like a guess or opinion.
– JigglyNaga
Dec 20 '18 at 17:31
Well, I started using BSD 4.2 Unix in 1984. Syslog appeared in BSD 4.2 and that's when the decision was made to put in the month and day but not the year. (webcache.googleusercontent.com/…)
– vy32
Dec 20 '18 at 19:38
See comment above about Mark Poltnick.
– vy32
Dec 20 '18 at 21:44
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f190541%2fwhy-does-the-syslog-timestamp-not-include-a-year%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
If you would like to add custom timestamps to your syslog output, it's perhaps best to use syslog-ng.
According to this post you could use ts_format() to specify the year in syslog-ng.
According to the syslog-ng.conf(5) man page:
The syslog-ng application has a number of global options governing DNS
usage, the timestamp format used, and other general points. Each
option may have parameters, similarly to driver specifications. To set
global options, add an option statement to the syslog-ng configuration
file using the following syntax:
options option1(params); option2(params); ... ;
edited May 23 '17 at 12:39
Community♦
1
answered Oct 7 '15 at 16:17
AppAraatAppAraat
88119
add a comment |
If you would like to add custom timestamps to your syslog output, it's perhaps best to use syslog-ng.
According to this post you could use ts_format() to specify the year in syslog-ng.
According to the syslog-ng.conf(5) man page:
The syslog-ng application has a number of global options governing DNS
usage, the timestamp format used, and other general points. Each
option may have parameters, similarly to driver specifications. To set
global options, add an option statement to the syslog-ng configuration
file using the following syntax:
options option1(params); option2(params); ... ;
edited May 23 '17 at 12:39
Community♦
1
answered Oct 7 '15 at 16:17
AppAraatAppAraat
88119
add a comment |
If you would like to add custom timestamps to your syslog output, it's perhaps best to use syslog-ng.
According to this post you could use ts_format() to specify the year in syslog-ng.
According to the syslog-ng.conf(5) man page:
The syslog-ng application has a number of global options governing DNS
usage, the timestamp format used, and other general points. Each
option may have parameters, similarly to driver specifications. To set
global options, add an option statement to the syslog-ng configuration
file using the following syntax:
options option1(params); option2(params); ... ;
edited May 23 '17 at 12:39
Community♦
1
answered Oct 7 '15 at 16:17
AppAraatAppAraat
88119
If you would like to add custom timestamps to your syslog output, it's perhaps best to use syslog-ng.
According to this post you could use ts_format() to specify the year in syslog-ng.
According to the syslog-ng.conf(5) man page:
The syslog-ng application has a number of global options governing DNS
usage, the timestamp format used, and other general points. Each
option may have parameters, similarly to driver specifications. To set
global options, add an option statement to the syslog-ng configuration
file using the following syntax:
options option1(params); option2(params); ... ;
edited May 23 '17 at 12:39
Community♦
1
answered Oct 7 '15 at 16:17
AppAraatAppAraat
88119
edited May 23 '17 at 12:39
Community♦
1
edited May 23 '17 at 12:39
Community♦
1
edited May 23 '17 at 12:39
Community♦
1
1
answered Oct 7 '15 at 16:17
AppAraatAppAraat
88119
answered Oct 7 '15 at 16:17
AppAraatAppAraat
88119
answered Oct 7 '15 at 16:17
AppAraatAppAraat
88119
88119
add a comment |
add a comment |
It doesn't include the year because the syslog format dates to the 1980s and programmers were less careful back then. Most log files were written for humans to read, not to be automatically parsed, and everybody knew what year it was.
answered Dec 20 '18 at 16:52
vy32vy32
1033
Do you have a reference for that, with a more specific date than "the 1980s"? (Section 5.1 of RFC3164 would be a good place to start.) As it stands, this answer is quite vague and looks like a guess or opinion.
– JigglyNaga
Dec 20 '18 at 17:31
Well, I started using BSD 4.2 Unix in 1984. Syslog appeared in BSD 4.2 and that's when the decision was made to put in the month and day but not the year. (webcache.googleusercontent.com/…)
– vy32
Dec 20 '18 at 19:38
See comment above about Mark Poltnick.
– vy32
Dec 20 '18 at 21:44
add a comment |
It doesn't include the year because the syslog format dates to the 1980s and programmers were less careful back then. Most log files were written for humans to read, not to be automatically parsed, and everybody knew what year it was.
answered Dec 20 '18 at 16:52
vy32vy32
1033
Do you have a reference for that, with a more specific date than "the 1980s"? (Section 5.1 of RFC3164 would be a good place to start.) As it stands, this answer is quite vague and looks like a guess or opinion.
– JigglyNaga
Dec 20 '18 at 17:31
Well, I started using BSD 4.2 Unix in 1984. Syslog appeared in BSD 4.2 and that's when the decision was made to put in the month and day but not the year. (webcache.googleusercontent.com/…)
– vy32
Dec 20 '18 at 19:38
See comment above about Mark Poltnick.
– vy32
Dec 20 '18 at 21:44
add a comment |
It doesn't include the year because the syslog format dates to the 1980s and programmers were less careful back then. Most log files were written for humans to read, not to be automatically parsed, and everybody knew what year it was.
answered Dec 20 '18 at 16:52
vy32vy32
1033
It doesn't include the year because the syslog format dates to the 1980s and programmers were less careful back then. Most log files were written for humans to read, not to be automatically parsed, and everybody knew what year it was.
answered Dec 20 '18 at 16:52
vy32vy32
1033
answered Dec 20 '18 at 16:52
vy32vy32
1033
answered Dec 20 '18 at 16:52
vy32vy32
1033
answered Dec 20 '18 at 16:52
vy32vy32
1033
1033
Do you have a reference for that, with a more specific date than "the 1980s"? (Section 5.1 of RFC3164 would be a good place to start.) As it stands, this answer is quite vague and looks like a guess or opinion.
– JigglyNaga
Dec 20 '18 at 17:31
Well, I started using BSD 4.2 Unix in 1984. Syslog appeared in BSD 4.2 and that's when the decision was made to put in the month and day but not the year. (webcache.googleusercontent.com/…)
– vy32
Dec 20 '18 at 19:38
See comment above about Mark Poltnick.
– vy32
Dec 20 '18 at 21:44
add a comment |
Do you have a reference for that, with a more specific date than "the 1980s"? (Section 5.1 of RFC3164 would be a good place to start.) As it stands, this answer is quite vague and looks like a guess or opinion.
– JigglyNaga
Dec 20 '18 at 17:31
Well, I started using BSD 4.2 Unix in 1984. Syslog appeared in BSD 4.2 and that's when the decision was made to put in the month and day but not the year. (webcache.googleusercontent.com/…)
– vy32
Dec 20 '18 at 19:38
See comment above about Mark Poltnick.
– vy32
Dec 20 '18 at 21:44
Do you have a reference for that, with a more specific date than "the 1980s"? (Section 5.1 of RFC3164 would be a good place to start.) As it stands, this answer is quite vague and looks like a guess or opinion.
– JigglyNaga
Dec 20 '18 at 17:31
Do you have a reference for that, with a more specific date than "the 1980s"? (Section 5.1 of RFC3164 would be a good place to start.) As it stands, this answer is quite vague and looks like a guess or opinion.
– JigglyNaga
Dec 20 '18 at 17:31
Well, I started using BSD 4.2 Unix in 1984. Syslog appeared in BSD 4.2 and that's when the decision was made to put in the month and day but not the year. (webcache.googleusercontent.com/…)
– vy32
Dec 20 '18 at 19:38
Well, I started using BSD 4.2 Unix in 1984. Syslog appeared in BSD 4.2 and that's when the decision was made to put in the month and day but not the year. (webcache.googleusercontent.com/…)
– vy32
Dec 20 '18 at 19:38
See comment above about Mark Poltnick.
– vy32
Dec 20 '18 at 21:44
See comment above about Mark Poltnick.
– vy32
Dec 20 '18 at 21:44
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f190541%2fwhy-does-the-syslog-timestamp-not-include-a-year%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
-date, syslog
From a practical point of view, if you rotate logfiles, additional information is available from the filename or file metadata of the rotated file.
– Ulrich Schwarz
Mar 16 '15 at 17:54
will the log file's creation date not help?
– Milind Dumbare
Mar 16 '15 at 17:59
4
I suspect "compatibility with 35 years' worth of BSD-style syslog logs" is the reason, but have no documented proof. When you eventually switch to
systemd(resistance is futile), you can usejournalctl's-o short-isooption to get real ISO 8601 timestamps.– Mark Plotnick
Mar 16 '15 at 18:08
@MilindDumbare alas, the log file's creation date is not reliable. Log files may be copied prior to analysis. Also, syslog allows messages to be moved from machine-to-machine, so the creation date on the machine where the syslog messages are collected may have nothing to do with where they were sent. They may even be collected in a database, and not in a file.
– vy32
Dec 20 '18 at 21:41
Anyone looking for a reference can certainly use @MarkPlotnick as a reference. He's been around a while, too... See: books.google.com/…
– vy32
Dec 20 '18 at 21:43