How do I change the time in the log to append a timezone. Timestamp should be based on generateTime=1523620861 which is in the log

So today the time in the shows like this

Apr 25 16:46:51 host.example.net .., generateTime=1524674663, ...

I like to change it like below

2018-04-25T16:46:55+0000 host.example.net ...,generateTime=1524674663, ....

{"PROGRAM":"alarmLog,","PRIORITY":"notice","MESSAGE":"applianceName=KING-MER-50-PRI, tenantName=king, alarmType=vrrp-v3-proto-error, alarmKey=0|vni-0/3.0, generateTime=1523620861, applianceId=1, vsnId=0, tenantId=4, alarmCause=causeOther, alarmClearable=no, alarmClass=new, alarmKind=root, alarmEventType=equipmentAlarm, alarmSeverity=indeterminate, alarmOwner=tenant, alarmSeqNo=36657, alarmText=\"vni-0/3.0\", siteName=","HOST":"host.example.net","FACILITY":"user","DATE":"Apr 13 04:01:22"}

--
Asif Iqbal
PGP Key: 0xE62693C5
KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

On Wed, Apr 25, 2018 at 12:49 PM, Asif Iqbal <vadud3@gmail.com> wrote:
> How do I change the time in the log to append a timezone. Timestamp should be based on generateTime=1523620861 which is in the log
> So today the time in the shows like this
> Apr 25 16:46:51 host.example.net .., generateTime=1524674663, ...
> I like to change it like below
> 2018-04-25T16:46:55+0000 host.example.net ...,generateTime=1524674663, ....
> {"PROGRAM":"alarmLog,","PRIORITY":"notice","MESSAGE":"applianceName=KING-MER-50-PRI, tenantName=king, alarmType=vrrp-v3-proto-error, alarmKey=0|vni-0/3.0, generateTime=1523620861, applianceId=1, vsnId=0, tenantId=4, alarmCause=causeOther, alarmClearable=no, alarmClass=new, alarmKind=root, alarmEventType=equipmentAlarm, alarmSeverity=indeterminate, alarmOwner=tenant, alarmSeqNo=36657, alarmText=\"vni-0/3.0\", siteName=","HOST":"host.example.net","FACILITY":"user","DATE":"Apr 13 04:01:22"}
That was the output of

filter f_alarm { facility(user) and match("alarmLog" value("PROGRAM")); };
destination d_alarm { file ("/var/log/alarms.log" template("$(format-json -s syslog-proto)\n")); };

On Wed, Apr 25, 2018 at 12:57 PM, Asif Iqbal <vadud3@gmail.com> wrote:
> That was the output of
> filter f_alarm { facility(user) and match("alarmLog" value("PROGRAM")); };
> destination d_alarm { file ("/var/log/alarms.log" template("$(format-json -s syslog-proto)\n")); };
I am using syslog-ng version 3.5.6, latest from centos 7
On Wed, Apr 25, 2018 at 10:36 PM, Asif Iqbal <vadud3@gmail.com> wrote:
> I am using syslog-ng version 3.5.6, latest from centos 7
upgrade to syslog-ng 3.14 using the repo from here https://syslog-ng.com/blog/installing-latest-syslog-ng-on-rhel-and-other-rpm...

Hello,

There are a few date related macros, and I think you are looking for the $ISODATE. Of course first you have to fix up the date with the

Configuration:

    @version: 3.15
    log {
        source{internal();};
        # stdin stands in for the real source; no-parse keeps the whole line in $MSG
        source{stdin(flags(no-parse));};
        parser {
            # split the message into key=value pairs, which yields ${generateTime}
            kv-parser();
            # "%s" = seconds since the epoch; sets the message timestamp from generateTime
            date-parser(format("%s") template("${generateTime}"));
        };
        destination{file("/dev/stdout" template("$ISODATE $MSG\n") frac-digits(3));};
    };

Console:

Input:
Apr 25 16:46:51 host.example.net .., generateTime=1524674663, ...

Output:
2018-04-25T18:44:23.000+02:00 Apr 25 16:46:51 host.example.net .., generateTime=1524674663, ...

You may need to tweak the configuration further more.

--
Kokan

On Thu, Apr 26, 2018 at 4:48 AM Asif Iqbal <vadud3@gmail.com> wrote:
> upgrade to syslog-ng 3.14 using the repo from here https://syslog-ng.com/blog/installing-latest-syslog-ng-on-rhel-and-other-rpm...
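
To check offline what the date-parser configuration in the reply above should produce, the following added example (not part of the thread and not syslog-ng code) applies the same epoch conversion to the sample lines from the question and renders the result in UTC with the +0000 suffix the question asked for. The function names and the ISODATE JSON key are assumptions made for the illustration.

```python
import json
import re
from datetime import datetime, timezone

# Epoch-seconds field carried inside the alarm message (up to 11 digits,
# so millisecond-resolution values are rejected rather than misread).
GENERATE_TIME = re.compile(r"\bgenerateTime=(\d{1,11})\b")
# BSD syslog header: "Mmm dd HH:MM:SS host rest-of-line"
BSD_HEADER = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) (.*)$", re.S)

# Constructed samples, shortened from the lines quoted in the thread.
SAMPLE_LINE = "Apr 25 16:46:51 host.example.net .., generateTime=1524674663, ..."
SAMPLE_JSON = ('{"PROGRAM":"alarmLog,","MESSAGE":"tenantName=king, '
               'generateTime=1523620861, applianceId=1","DATE":"Apr 13 04:01:22"}')


def generate_time_iso(message):
    """Return generateTime as ISO 8601 in UTC (+0000), or None if unusable."""
    found = GENERATE_TIME.search(message)
    if found is None:
        return None
    stamp = datetime.fromtimestamp(int(found.group(1)), tz=timezone.utc)
    return stamp.strftime("%Y-%m-%dT%H:%M:%S%z")


def restamp(line):
    """Swap the BSD timestamp for the event's own generateTime.

    Lines lacking a header or a usable generateTime come back unchanged,
    so no record is dropped or given an invented time.
    """
    header = BSD_HEADER.match(line)
    iso = generate_time_iso(line)
    if header is None or iso is None:
        return line
    host, rest = header.groups()
    return f"{iso} {host} {rest}"


def restamp_json(record_line):
    """Add an ISODATE key (hypothetical name) to a format-json record."""
    record = json.loads(record_line)
    iso = generate_time_iso(record.get("MESSAGE", ""))
    if iso is not None:
        record["ISODATE"] = iso
    return record


if __name__ == "__main__":
    print(restamp(SAMPLE_LINE))
    print(restamp_json(SAMPLE_JSON)["ISODATE"])
```

The console output in the reply, 18:44:23.000+02:00, is the same instant as the 16:44:23+0000 computed here, rendered in the local zone of the machine that ran syslog-ng.
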
participants (2)
- Asif Iqbal
- Kókai Péter