On 18.12.21 21:57, Roger Lynn wrote:
On 18/12/2021 15:00, Michael Biebl wrote:I'm not a user of logwatch, so I don't know, if logwatch nowadays can handle RFC 5424 timestamps, but even if so, I think the benefits outweigh the potential breakage. And it's easy enough for users to create a drop-in config snippet with $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat Such a snippet could even be shipped by packages like logwatch or logcheck, if they can't be fixed to support the newer timestamps.It sounds like you're already going to do this anyway, but please include a commented out line in the config file for how to return to the previous format.
I probably won't do that but instead ship an example config snippet that people can drop into /etc/rsyslog.d/. This is easier to automate anyway.
For "normal" users, I think this change makes it harder
to read and makes the lines longer for very little benefit.
Just to re-iterate, the benefits are - sub second resolution - includes timezone information - sortable and much easier to filter for time ranges- includes the full date, ie. if you are looking at older log files, you can actually see from which year the log message originated from
Sure, the timestamp is longer as it includes more information, but I don't find it particularly harder to read.That said, if you want to improve the legibility of log files, I can recommend tools like grc (apt install grc), which will colorize the output.
Regards, Michael
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature