On Wed, Apr 25, 2018 at 12:49 PM, Asif Iqbal <vadud3@gmail.com> wrote:

How do I change the time in the log to append a timezone. Timestamp should be based on generateTime=1523620861 which is in the log

So today the time in the shows like this

  Apr 25 16:46:51 host.example.net .., generateTime=1524674663, ...

I like to change it like below

  2018-04-25T16:46:55+0000 host.example.net ...,generateTime=1524674663, ....

{"PROGRAM":"alarmLog,","PRIORITY":"notice","MESSAGE":"applianceName=KING-MER-50-PRI, tenantName=king, alarmType=vrrp-v3-proto-error, alarmKey=0|vni-0/3.0, generateTime=1523620861, applianceId=1, vsnId=0, tenantId=4, alarmCause=causeOther, alarmClearable=no, alarmClass=new, alarmKind=root, alarmEventType=equipmentAlarm, alarmSeverity=indeterminate, alarmOwner=tenant, alarmSeqNo=36657, alarmText=\"vni-0/3.0\", siteName=","HOST":"host.example.net","FACILITY":"user","DATE":"Apr 13 04:01:22"}

That was the output of

filter f_alarm { facility(user) and match("alarmLog" value("PROGRAM")); };

destination d_alarm { file ("/var/log/alarms.log" template("$(format-json -s syslog-proto)\n")); };

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?