Am 23.11.21 um 23:53 schrieb Scott Kitterman:
On Tuesday, November 23, 2021 3:49:17 PM EST Simon Josefsson wrote:Michael Biebl <biebl@debian.org> writes:Hi, we are early in the bookworm release cycle, so I guess it's the perfect time to bring up this topic.Sorry for hijacking the thread, but perhaps now is a good time to stop using the legacy syslog time format and use the standardized RFC 5424 format? It is the default format in upstream rsyslog, but the default Debian config uses the legacy format. Effectively, the change that I suggest is to stop putting this into /etc/rsyslog.conf by default: # # Use traditional timestamp format. # To enable high precision timestamps, comment out the following line. # $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat The legacy time format that is used today does not record year, timezone or subsecond information. Compare /var/log/syslog outputs like this:
Nov 23 21:47:31 latte jas: test with 2021-11-23T21:47:49.082799+01:00 latte jas: test /Simon
I completely agree and I wanted to do this change for a long time, see [1]. When we introduced rsyslog as default syslogger over a decade ago, we opted for maximum compatibility with the old sysklogd and
there was the concern, that this might break other tools like logwatch.I'm not a user of logwatch, so I don't know, if logwatch nowadays can handle RFC 5424 timestamps, but even if so, I think the benefits outweigh the potential breakage. And it's easy enough for users to create a drop-in config snippet with
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormatSuch a snippet could even be shipped by packages like logwatch or logcheck, if they can't be fixed to support the newer timestamps.
That said, I plan to make this change in one of the next uploads.
That seams like a reasonable change to make, but it should definitely be mentioned in NEWS for the package and the Debian release notes. Scott K
Yes to both. Thanks for the suggestion. Regards, Michael [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475303