LinuxQuestions.org


rnturn 07-21-2014 06:19 PM

Q: Modifying the date/time stamp of messages from syslog "classic"... doable?
 
I have one old system that doesn't (currently anyway... maybe never because of memory constraints [1]) run a new enough Linux that uses syslog-ng. On my newer systems, I've tweaked the syslog-ng.conf files to generate the timestamps in ISO8601 format (yyyy-mm-ddThh:mm:ss). I've looked at every old UNIX text that I can lay my hands on but I can't seem to find any documentation that describes a configuration option that lets one alter the timestamp format for "classic" syslog. Am I outta luck trying to get this old box to join the other systems and have a consistent log file appearance? (Sorry but I absolutely hate the three-letter months that are used by default.)

Q: Was this even possible back then?

I'm guessing I could track down the source code for the old syslogd and see if I could modify it to use the ISO format (could be fun, actually) but that's just another thing to go into the queue and may never get done. (You know how that goes...)

Here's hoping someone out there knows of a trick to beat the old syslogd into submission. :)

TIA...

--
Rick

[1] -- I've started combing through old CDs to see what is the oldest distribution that I have on-hand that used syslog-ng and that might run on that memory-starved system but I'm not hopeful that I'll find anything lean enough.

jpollard 07-22-2014 03:29 PM

You might find it easier to copy syslog-ng source and rebuild it on that system rather than futz with the old code, at least as a first attempt.

unSpawn 07-22-2014 04:15 PM

Send syslog to a remote syslog server that's capable of doing what you want?..

szboardstretcher 07-22-2014 04:21 PM

Leave the systems alone... just send everything to a remote logstash instance, then rewrite the timestamp and store all your syslogs in elasticsearch.

http://logstash.net/docs/1.4.2/tutor...e-walkthrough/

http://www.elasticsearch.org/overview/kibana/
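
The timestamp rewrite that the replies above suggest doing on a remote collector, sketched as an added example that is not part of any post in this thread. The classic "Mmm dd hh:mm:ss" stamp carries no year or time zone, so the function names, the host name `oldbox`, the one-day skew allowance and the use of the collector's clock to infer the year are all assumptions of this sketch.

```python
import re
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Classic syslog header: "Mmm dd hh:mm:ss", day space-padded, no year or zone.
STAMP = re.compile(r"^([A-Z][a-z]{2}) ([ \d]\d) (\d\d):(\d\d):(\d\d) ")

def infer_timestamp(mon, day, hh, mm, ss, now):
    """Pick the most recent year that does not place the record in the
    future (one day of slack for clock skew between sender and collector)."""
    for year in range(now.year, now.year - 9, -1):
        try:
            ts = datetime(year, MONTHS[mon], day, hh, mm, ss)
        except ValueError:          # e.g. Feb 29 in a non-leap year
            continue
        if ts <= now + timedelta(days=1):
            return ts
    raise ValueError("no plausible year for this stamp")

def rewrite(line, now):
    """Return the line with its stamp as yyyy-mm-ddThh:mm:ss (local time,
    as logged); lines that do not parse are returned unchanged."""
    m = STAMP.match(line)
    if not m or m.group(1) not in MONTHS:
        return line
    try:
        ts = infer_timestamp(m.group(1), *map(int, m.groups()[1:]), now)
    except ValueError:              # impossible date or time such as "Jul 32"
        return line
    return ts.isoformat() + " " + line[m.end():]

# Constructed sample records, as read by a collector on 2015-01-02.
SAMPLE = [
    "Dec 31 23:59:58 oldbox sshd[812]: session closed for user rick",
    "Jan  2 07:59:00 oldbox cron[90]: (root) CMD (run-parts /etc/cron.hourly)",
    "last message repeated 3 times",
]

if __name__ == "__main__":
    now = datetime(2015, 1, 2, 8, 0, 0)
    for rec in SAMPLE:
        print(rewrite(rec, now))
```

Records written in December and processed in January get the previous year, which keeps them in order when correlated with the ISO 8601 logs from the syslog-ng hosts.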


All times are GMT -5.