Page MenuHomeFreeBSD
Differential D14918

Add option -Z to syslogd(8) to use ISO 8601 timestamps
AbandonedPublic
Actions

Authored by woodsb02 on Mar 31 2018, 4:16 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 22, 11:06 PM
Unknown Object (File)
Thu, Nov 21, 7:38 AM
Unknown Object (File)
Thu, Nov 21, 7:38 AM
Unknown Object (File)
Thu, Nov 21, 7:38 AM
Unknown Object (File)
Oct 21 2024, 3:46 AM
Unknown Object (File)
Oct 19 2024, 9:44 AM
Unknown Object (File)
Oct 19 2024, 8:48 AM
Unknown Object (File)
Oct 8 2024, 5:49 AM
View All 61 Files
Subscribers
dhw
imp

Details

Reviewers
glebius
dab
sobomax
ngie
hrs
Group Reviewers
manpages
Summary

Add option -Z to syslogd(8) to use ISO 8601 timestamps

When doing global remote logging and archiving, it is inconvenient
that the syslog timestamp does not contain the year and the timezone,
but has local time with daylight saving time.
Now with -Z syslogd(8) switches to RFC 5424 ISO format for timestamps.
Then all logging is also done in UTC. Default is to keep local
time and BSD syslog RFC 3164 format.

Syslog RFC 5424 says you should add 1 to 6 digits with fractions
of a second to each syslog timestamp. As we do not measure the
time in syslog(3), use only 3 digits with millisecond precision.

Code taken from OpenBSD, where it was originally developed by bluhm:
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/syslogd/syslogd.c.diff?r1=1.215&r2=1.216&f=h
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/syslogd/syslogd.c.diff?r1=1.216&r2=1.217&f=h
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/syslogd/syslogd.8.diff?r1=1.50&r2=1.51&f=h

IETF reference standards (RFC) for syslog:
https://tools.ietf.org/html/rfc3164#section-4.1.2
https://tools.ietf.org/html/rfc5424#section-6.2.3

Test Plan
  • Ensure default RFC3164 timestamp is unaffected
  • Ensure new RFC5424 timestamp works

These both need to be tested for the following scenarios:

  • Receiving logs from a local socket, and writing to local file
  • Receiving logs from a local socket, and forwarding to remote syslog server
  • Receiving logs from remote syslog server, and writing to local file
  • Receiving logs from remote syslog server, and forwarding to remote syslog server

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 15909
Build 15902: arc lint + arc unit

Event Timeline

woodsb02 created this revision.Mar 31 2018, 4:16 PM
Herald added a reviewer: manpages. · View Herald TranscriptMar 31 2018, 4:16 PM
Herald added a subscriber: imp. · View Herald Transcript
Harbormaster completed remote builds in B15909: Diff 40947.Mar 31 2018, 4:16 PM
dhw added a subscriber: dhw.Apr 1 2018, 12:36 AM

I like the idea -- particularly including the year. As for "logging in UTC," I found an approach that does fairly well (though it is a bit of a configuration hack): Just run the machines in UTC, but augment /etc/rc.conf (or similar) with (e.g.):

cron_program="/usr/bin/env"
cron_flags="TZ=America/Los_Angeles /usr/sbin/cron"

(Known issue: the approach doesn't keep newsyslog's actions in sync with local time; I haven't been bothered enough by that to try to do anything about it,)

woodsb02 edited the summary of this revision. (Show Details)Apr 1 2018, 12:42 AM
woodsb02 added a comment.Apr 1 2018, 1:48 AM
In D14918#313737, @dhw wrote:

I like the idea -- particularly including the year. As for "logging in UTC," I found an approach that does fairly well (though it is a bit of a configuration hack): Just run the machines in UTC, but augment /etc/rc.conf (or similar) with (e.g.):

cron_program="/usr/bin/env"
cron_flags="TZ=America/Los_Angeles /usr/sbin/cron"

(Known issue: the approach doesn't keep newsyslog's actions in sync with local time; I haven't been bothered enough by that to try to do anything about it,)

Thanks for having a look, and for your feedback.

Indeed, there are ways to configure your systems to get all logs in the same timezone. The purpose of this commit is to start implementing options from the new RFC5424 syslog standard which solves this problem without having to closely configure the timezones of each of your machines.

The end goal is obviously to get 100% compliance with RFC5424, but this change is useful and can be incorporated on its own before all of the other RFC5424 compliance.

woodsb02 abandoned this revision.Apr 2 2018, 2:29 AM

This revision breaks compliance with RFC3164 (by not using the mandated timestamp format Mmm dd hh:mm:ss), without adding compliance with RFC5424 (which requires a VERSION number and space between the PRI and the TIMESTAMP).
https://tools.ietf.org/html/rfc3164#section-4.1.2
https://tools.ietf.org/html/rfc5424#section-6

Abandon this revision, in favour of the RFC5424 implementation by ed: D14926

woodsb02 mentioned this in D14926: Add RFC 5424 syslog message parsing to syslogd..Apr 2 2018, 10:11 AM

Revision Contents
Changeset List

PathSize
usr.sbin/
syslogd/
6 lines
143 lines

Diff 40947

View Options

usr.sbin/syslogd/syslogd.8

Loading...
View Options

usr.sbin/syslogd/syslogd.c

Loading...