From Fedora Project Wiki
(AGREED: FESCo Rejects F27 System Wide Change: Rsyslog log format change (+1:5, +0:0, -1:0))
 
Latest revision as of 13:09, 17 July 2017


Rsyslog log format change proposal

Summary

Currently Fedora uses RSYSLOG_TraditionalFileFormat as the default format for timestamps in its logs. That format lacks the year and the timezone. This proposal aims to change this by adopting the ISO 8601 and RFC 3339 compliant timestamp format known as RSYSLOG_FileFormat instead of the current RSYSLOG_TraditionalFileFormat.

Owner

Current status

Detailed Description

Currently Fedora, RHEL and CentOS use RSYSLOG_TraditionalFileFormat for log timestamps, so timestamps in files like /var/log/messages, /var/log/cron and /var/log/secure look like this:

May 29 13:37:50 localhost systemd: Starting Fingerprint Authentication Daemon...

This format has a few disadvantages:

  • It does not include the year, which is sometimes needed, mostly for long-term analysis or during an investigation.
  • It does not include the timezone, which can be important when working with systems scattered around the globe.
  • It is not a standard format. The standards are ISO 8601 and the stricter RFC 3339.

We propose changing the default to a standard format with the timezone included. We suggest RSYSLOG_FileFormat, which looks like this:

2017-05-29T13:40:50.976409+02:00 localhost systemd: Stopping System Logging Service...

This also matches the short-iso-precise output format in journalctl, added in the upcoming systemd v234. All the necessary changes are:

$ diff rsyslog.conf.orig rsyslog.conf -u
--- rsyslog.conf.orig    2017-05-26 16:31:09.768671818 +0200
+++ rsyslog.conf    2017-05-26 16:30:36.093682748 +0200
@@ -30,7 +30,7 @@
 global(workDirectory="/var/lib/rsyslog")
 
 # Use default timestamp format
-module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
+module(load="builtin:omfile" Template="RSYSLOG_FileFormat")
 
 # Include all config files in /etc/rsyslog.d/
 $IncludeConfig /etc/rsyslog.d/*.conf
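
Review bot: the context comment "# Use default timestamp format" directly above the changed module() line no longer tells an administrator which format is in effect or how to go back. Since the proposal expects some sites to revert, reword it to name RSYSLOG_FileFormat (RFC 3339 with timezone) and to mention that setting Template="RSYSLOG_TraditionalFileFormat" on the same line restores the old layout.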

Benefit to Fedora

Compliance with an international standard; more information available in logs.

Scope

  • Proposal owners:
    • commit necessary changes
    • create rsyslog build
  • Other developers: none
  • Release engineering: Releng#6818
  • Policies and guidelines: Not affected
  • Trademark approval: Not needed for this Change

Upgrade/compatibility impact

Anyone parsing logs would need to update their scripts or revert the configuration to the traditional format.
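
The following is an added example, not part of the original proposal or of rsyslog: a parser that accepts both formats and normalizes to UTC, showing that the traditional format only yields an absolute time once the caller supplies a year and a UTC offset. The function name parse_line and its parameters are hypothetical; the two sample lines are the ones shown on this page.

```python
import re
from datetime import datetime, timedelta, timezone

# RSYSLOG_FileFormat: RFC 3339 timestamp (microseconds, explicit UTC offset).
RFC3339_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{6})?(?:Z|[+-]\d{2}:\d{2})) (\S+) (.*)$")
# RSYSLOG_TraditionalFileFormat: "Mmm dd hh:mm:ss", no year and no offset.
TRADITIONAL_RE = re.compile(
    r"^([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$")

# The two sample lines shown on this page.
OLD_LINE = ("May 29 13:37:50 localhost systemd: "
            "Starting Fingerprint Authentication Daemon...")
NEW_LINE = ("2017-05-29T13:40:50.976409+02:00 localhost systemd: "
            "Stopping System Logging Service...")


def parse_line(line, assumed_year=None, assumed_offset=None):
    """Return (utc_time, host, message, inferred) for either format.

    inferred is True when the year and UTC offset came from the caller,
    because the traditional format records neither.
    """
    m = RFC3339_RE.match(line)
    if m:
        ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        return ts.astimezone(timezone.utc), m.group(2), m.group(3), False
    m = TRADITIONAL_RE.match(line)
    if m:
        if assumed_year is None or assumed_offset is None:
            raise ValueError("traditional format needs assumed year and offset")
        # %b is locale-dependent; this assumes English month names.
        ts = datetime.strptime(f"{assumed_year} {m.group(1)}",
                               "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone(assumed_offset))
        return ts.astimezone(timezone.utc), m.group(2), m.group(3), True
    raise ValueError(f"unrecognised timestamp format: {line!r}")


if __name__ == "__main__":
    cest = timedelta(hours=2)  # assumption: the host logged in UTC+02:00
    for sample in (OLD_LINE, NEW_LINE):
        when, host, msg, inferred = parse_line(sample, 2017, cest)
        print(when.isoformat(), host, "(year/offset assumed)" if inferred else "")
```

The inferred flag lets a timeline tool mark entries whose absolute time depends on an assumption rather than on what the log recorded.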

How To Test

Restart rsyslog with “systemctl restart rsyslog” and check “sudo tail /var/log/messages”; the timestamps should be in ISO 8601 format, e.g.: 2017-05-26T16:25:47.125900+02:00

User Experience

Regular users should not experience any change. Administrators would benefit from the additional information, especially when maintaining systems spread across multiple timezones or doing long-term analysis.

Dependencies

None

Contingency Plan

  • Contingency mechanism: Rsyslog maintainer will either change the configuration or keep the original.
  • Contingency deadline: Fedora 27 Beta freeze
  • Blocks release? No
  • Blocks product? No

Documentation

http://www.rsyslog.com/doc/v8-stable/configuration/templates.html

Release Notes