
Re: [RFC] changes to rsyslog - default to RFC 5424 format



On Sat, 2021-12-18 at 15:58 +0100, Michael Biebl wrote:
> On 23.11.21 at 23:53, Scott Kitterman wrote:
> > On Tuesday, November 23, 2021 3:49:17 PM EST Simon Josefsson wrote:
> > > Michael Biebl <biebl@debian.org> writes:
> > > > Hi,
> > > > 
> > > > we are early in the bookworm release cycle, so I guess it's the
> > > > perfect time to bring up this topic.
> > > 
> > > Sorry for hijacking the thread, but perhaps now is a good time to stop
> > > using the legacy syslog time format and use the standardized RFC 5424
> > > format?  It is the default format in upstream rsyslog, but the default
> > > Debian config uses the legacy format.
> > > 
> > > Effectively, the change that I suggest is to stop putting this into
> > > /etc/rsyslog.conf by default:
> > > 
> > > #
> > > # Use traditional timestamp format.
> > > # To enable high precision timestamps, comment out the following line.
> > > #
> > > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> > > 
> > > The legacy time format that is used today does not record year, timezone
> > > or subsecond information.  Compare /var/log/syslog outputs like this:
> > > Nov 23 21:47:31 latte jas: test
> > > 
> > > with
> > > 
> > > 2021-11-23T21:47:49.082799+01:00 latte jas: test
> > > 
> > > /Simon
> 
> I completely agree and I wanted to do this change for a long time, see 
> [1]. When we introduced rsyslog as default syslogger over a decade ago, 
> we opted for maximum compatibility with the old sysklogd and
> there was the concern that this might break other tools like logwatch.
> 
> I'm not a user of logwatch, so I don't know if logwatch nowadays can 
> handle RFC 5424 timestamps, but even if so, I think the benefits 
> outweigh the potential breakage. And it's easy enough for users to 
> create a drop-in config snippet with
> 
> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> 
> 
> Such a snippet could even be shipped by packages like logwatch or 
> logcheck, if they can't be fixed to support the newer timestamps.
> 
> 
> That said, I plan to make this change in one of the next uploads.
> 
> > That seems like a reasonable change to make, but it should definitely be
> > mentioned in NEWS for the package and the Debian release notes.
> > 
> > Scott K
> > 
> 
> Yes to both. Thanks for the suggestion.
> 
> Regards,
> Michael
> 
> 
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475303
> 

+1 for this change.

Regards

Phil

-- 
*** Playing the game for the game's own sake. ***

WWW: https://kathenas.org

Twitter: @kathenasorg

IRC: kathenas

GPG: 724AA9B52F024C8B
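
For anyone correlating logs across hosts, the difference between the two timestamp formats quoted in this thread is what a parser has to guess. The following is an added example, not part of the thread or of rsyslog: it normalises both line formats to UTC and reports which fields were guessed. The names `parse_syslog_line`, `assumed_tz` and `received`, and the year heuristic, are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# The two sample lines quoted in the thread.
LEGACY_LINE = "Nov 23 21:47:31 latte jas: test"
PRECISE_LINE = "2021-11-23T21:47:49.082799+01:00 latte jas: test"

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
ISO_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\S+) (\S+) (.*)$")
BSD_RE = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) (\S+) (.*)$")


def parse_syslog_line(line, assumed_tz, received):
    """Return (utc_time, host, message, guessed_fields) for one log line.

    assumed_tz (a tzinfo) and received (an aware datetime, e.g. when the
    file was collected) are used only for legacy lines, which carry no
    year and no UTC offset. Both are assumptions supplied by the caller.
    """
    m = ISO_RE.match(line)
    if m:
        # High-precision format: year, subseconds and offset are in the line.
        ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        if ts.tzinfo is None:
            raise ValueError("timestamp has no UTC offset")
        return ts.astimezone(timezone.utc), m.group(2), m.group(3), []
    m = BSD_RE.match(line)
    if not m:
        raise ValueError("unrecognised timestamp format")
    mon, day, hh, mm, ss, host, msg = m.groups()
    month = MONTHS.index(mon) + 1  # ValueError on an unknown month name
    local_now = received.astimezone(assumed_tz)
    # Heuristic: take the most recent year that does not put the entry
    # more than a day after the collection time (handles Dec read in Jan).
    for year in (local_now.year, local_now.year - 1):
        try:
            ts = datetime(year, month, int(day), int(hh), int(mm), int(ss),
                          tzinfo=assumed_tz)
        except ValueError:
            continue  # e.g. Feb 29 in a non-leap year
        if ts <= local_now + timedelta(days=1):
            return ts.astimezone(timezone.utc), host, msg, ["year", "utc_offset"]
    raise ValueError("cannot place legacy timestamp in time")
```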
