Michael Biebl <biebl@debian.org> writes:

Hi,

we are early in the bookworm release cycle, so I guess it's the
perfect time to bring up this topic.

Sorry for hijacking the thread, but perhaps now is a good time to stop
using the legacy syslog time format and use the standardized RFC 5424
format? It is the default format in upstream rsyslog, but the default
Debian config uses the legacy format.

Effectively, the change that I suggest is to stop putting this into /etc/rsyslog.conf by default:

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

The legacy time format that is used today does not record year, timezone
or subsecond information. Compare /var/log/syslog outputs like this:

Nov 23 21:47:31 latte jas: test

with

2021-11-23T21:47:49.082799+01:00 latte jas: test

/Simon

-----BEGIN PGP SIGNATURE-----

iIoEARYIADIWIQSjzJyHC50xCrrUzy9RcisI/kdFogUCYZ1TzRQcc2ltb25Aam9z ZWZzc29uLm9yZwAKCRBRcisI/kdFojPGAP9tsjxNfsXUtQ37wg32EOwDJx7fsgVp 1AmEUlHwLoxGpgEA8LJQE29yuG9N07zvdbH/zN5JOpbs+4yAL5SKzGXLUQc=
=PnJr
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tuesday, November 23, 2021 3:49:17 PM EST Simon Josefsson wrote:

Michael Biebl <biebl@debian.org> writes:

Hi,

we are early in the bookworm release cycle, so I guess it's the
perfect time to bring up this topic.

Sorry for hijacking the thread, but perhaps now is a good time to stop
using the legacy syslog time format and use the standardized RFC 5424
format? It is the default format in upstream rsyslog, but the default
Debian config uses the legacy format.

Effectively, the change that I suggest is to stop putting this into /etc/rsyslog.conf by default:

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

The legacy time format that is used today does not record year, timezone
or subsecond information. Compare /var/log/syslog outputs like this:

Nov 23 21:47:31 latte jas: test

with

2021-11-23T21:47:49.082799+01:00 latte jas: test

/Simon

That seams like a reasonable change to make, but it should definitely be mentioned in NEWS for the package and the Debian release notes.

Scott K

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am 23.11.21 um 23:53 schrieb Scott Kitterman:

On Tuesday, November 23, 2021 3:49:17 PM EST Simon Josefsson wrote:

Michael Biebl <biebl@debian.org> writes:

Hi,

we are early in the bookworm release cycle, so I guess it's the
perfect time to bring up this topic.

Sorry for hijacking the thread, but perhaps now is a good time to stop
using the legacy syslog time format and use the standardized RFC 5424
format? It is the default format in upstream rsyslog, but the default
Debian config uses the legacy format.

Effectively, the change that I suggest is to stop putting this into
/etc/rsyslog.conf by default:

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

The legacy time format that is used today does not record year, timezone
or subsecond information. Compare /var/log/syslog outputs like this:

Nov 23 21:47:31 latte jas: test

with

2021-11-23T21:47:49.082799+01:00 latte jas: test

/Simon

I completely agree and I wanted to do this change for a long time, see
[1]. When we introduced rsyslog as default syslogger over a decade ago,
we opted for maximum compatibility with the old sysklogd and
there was the concern, that this might break other tools like logwatch.

I'm not a user of logwatch, so I don't know, if logwatch nowadays can
handle RFC 5424 timestamps, but even if so, I think the benefits
outweigh the potential breakage. And it's easy enough for users to
create a drop-in config snippet with

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat


Such a snippet could even be shipped by packages like logwatch or
logcheck, if they can't be fixed to support the newer timestamps.


That said, I plan to make this change in one of the next uploads.

That seams like a reasonable change to make, but it should definitely be mentioned in NEWS for the package and the Debian release notes.

Scott K

Yes to both. Thanks for the suggestion.

Regards,
Michael


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475303

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 2021-12-18 at 15:58 +0100, Michael Biebl wrote:

Am 23.11.21 um 23:53 schrieb Scott Kitterman:

On Tuesday, November 23, 2021 3:49:17 PM EST Simon Josefsson wrote:

Michael Biebl <biebl@debian.org> writes:

Hi,

we are early in the bookworm release cycle, so I guess it's the
perfect time to bring up this topic.

Sorry for hijacking the thread, but perhaps now is a good time to stop using the legacy syslog time format and use the standardized RFC 5424 format? It is the default format in upstream rsyslog, but the default Debian config uses the legacy format.

Effectively, the change that I suggest is to stop putting this into /etc/rsyslog.conf by default:

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

The legacy time format that is used today does not record year, timezone or subsecond information. Compare /var/log/syslog outputs like this:
Nov 23 21:47:31 latte jas: test

with

2021-11-23T21:47:49.082799+01:00 latte jas: test

/Simon

I completely agree and I wanted to do this change for a long time, see
[1]. When we introduced rsyslog as default syslogger over a decade ago,
we opted for maximum compatibility with the old sysklogd and
there was the concern, that this might break other tools like logwatch.

I'm not a user of logwatch, so I don't know, if logwatch nowadays can
handle RFC 5424 timestamps, but even if so, I think the benefits
outweigh the potential breakage. And it's easy enough for users to
create a drop-in config snippet with

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

Such a snippet could even be shipped by packages like logwatch or
logcheck, if they can't be fixed to support the newer timestamps.

That said, I plan to make this change in one of the next uploads.

That seams like a reasonable change to make, but it should definitely be mentioned in NEWS for the package and the Debian release notes.

Scott K

Yes to both. Thanks for the suggestion.

Regards,
Michael

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475303

+1 for this change.

Regards

Phil

--
*** Playing the game for the games own sake. ***

WWW: https://kathenas.org

Twitter: @kathenasorg

IRC: kathenas

GPG: 724AA9B52F024C8B

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEcKCsRax3nv6E9jrtckqptS8CTIsFAmG+APwACgkQckqptS8C TIvR0w//VI3r3PPfd25JM/hnp0SIio1yXJB93SPPleb7WzflydQaVN+yizPcVGLj l5B5p07I3kEMkcfMAXLj5ZyVl0vmzBERINd2rrDtp/gvHv4IC3QAc1Z8YP2AK4MV FkKDChOwwsZBpI6sbzI3kPHs4tjDM1h+Ta5l9YT4x78siGMAcwRx5aCshX//nhW+ kwnvszJWwYNO0wXeG4D9GfajjOvQAC9502snUdn6YlqogkHxRBbhpYbd639Gve8X TrcQ+Yn2GjbBWjulvoiXDX6baqiXYJpZTHQMKutVIcCTrj9eEkp9RaQTmhxqXoAX XqxqYTm5V+Xbw9EhLo27R7ZSSHKD9cpz2grZFNmAkm9jL6l7gg3a2ul3J5WQb8rn dxo6djZUDuFRsLT3lb+vx9Ynlnf0aUvegJTGzQJb4ISwmuVtX7h4EhBxbyEa9AJg QcB/IMGpUNXnS45+yXMbBiKQMHVp8bpsNEda36bIsVh5/yN+P7PohIrXwiZiLHMm GE2f+HtTgpN3oByOgD2Au2YPr/k6lNi+8UCYzmD8JEtg0HAv/GOWxQIjV+TsVxS+ gqL93tpTXfN4QxL5p+FbGB2skCQg21vT4vbn43crOUSWO9CmW00TzjdMdd09SYzk +bIvSXAmI5cA+9Hf56kZ2FLI4AqFYrXsSnN7WoXDbiToTQXYt/A=
=rwAi
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v

On 18/12/2021 15:00, Michael Biebl wrote:

I'm not a user of logwatch, so I don't know, if logwatch nowadays can
handle RFC 5424 timestamps, but even if so, I think the benefits
outweigh the potential breakage. And it's easy enough for users to
create a drop-in config snippet with

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

Such a snippet could even be shipped by packages like logwatch or
logcheck, if they can't be fixed to support the newer timestamps.

It sounds like you're already going to do this anyway, but please include a commented out line in the config file for how to return to the previous
format. For "normal" users, I think this change makes it harder to read and makes the lines longer for very little benefit.

Thanks,

Roger

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------JV0iBYqKTQ0aRtithb0xIyLG
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

T24gMTguMTIuMjEgMjE6NTcsIFJvZ2VyIEx5bm4gd3JvdGU6DQo+IE9uIDE4LzEyLzIwMjEg MTU6MDAsIE1pY2hhZWwgQmllYmwgd3JvdGU6DQo+PiBJJ20gbm90IGEgdXNlciBvZiBsb2d3 YXRjaCwgc28gSSBkb24ndCBrbm93LCBpZiBsb2d3YXRjaCBub3dhZGF5cyBjYW4NCj4+IGhh bmRsZSBSRkMgNTQyNCB0aW1lc3RhbXBzLCBidXQgZXZlbiBpZiBzbywgSSB0aGluayB0aGUg YmVuZWZpdHMNCj4+IG91dHdlaWdoIHRoZSBwb3RlbnRpYWwgYnJlYWthZ2UuIEFuZCBpdCdz IGVhc3kgZW5vdWdoIGZvciB1c2VycyB0bw0KPj4gY3JlYXRlIGEgZHJvcC1pbiBjb25maWcg c25pcHBldCB3aXRoDQo+Pg0KPj4gJEFjdGlvbkZpbGVEZWZhdWx0VGVtcGxhdGUgUlNZU0xP R19UcmFkaXRpb25hbEZpbGVGb3JtYXQNCj4+DQo+Pg0KPj4gU3VjaCBhIHNuaXBwZXQgY291 bGQgZXZlbiBiZSBzaGlwcGVkIGJ5IHBhY2thZ2VzIGxpa2UgbG9nd2F0Y2ggb3INCj4+IGxv Z2NoZWNrLCBpZiB0aGV5IGNhbid0IGJlIGZpeGVkIHRvIHN1cHBvcnQgdGhlIG5ld2VyIHRp bWVzdGFtcHMuDQo+IA0KPiBJdCBzb3VuZHMgbGlrZSB5b3UncmUgYWxyZWFkeSBnb2luZyB0 byBkbyB0aGlzIGFueXdheSwgYnV0IHBsZWFzZSANCj4gaW5jbHVkZSBhIGNvbW1lbnRlZCBv dXQgbGluZSBpbiB0aGUgY29uZmlnIGZpbGUgZm9yIGhvdyB0byByZXR1cm4gdG8gdGhlIA0K PiBwcmV2aW91cyBmb3JtYXQuIA0KDQpJIHByb2JhYmx5IHdvbid0IGRvIHRoYXQgYnV0IGlu c3RlYWQgc2hpcCBhbiBleGFtcGxlIGNvbmZpZyBzbmlwcGV0IHRoYXQgDQpwZW9wbGUgY2Fu IGRyb3AgaW50byAvZXRjL3JzeXNsb2cuZC8uIFRoaXMgaXMgZWFzaWVyIHRvIGF1dG9tYXRl IGFueXdheS4NCg0KRm9yICJub3JtYWwiIHVzZXJzLCBJIHRoaW5rIHRoaXMgY2hhbmdlIG1h a2VzIGl0IGhhcmRlcg0KPiB0byByZWFkIGFuZCBtYWtlcyB0aGUgbGluZXMgbG9uZ2VyIGZv ciB2ZXJ5IGxpdHRsZSBiZW5lZml0Lg0KDQpKdXN0IHRvIHJlLWl0ZXJhdGUsIHRoZSBiZW5l Zml0cyBhcmUNCi0gc3ViIHNlY29uZCByZXNvbHV0aW9uDQotIGluY2x1ZGVzIHRpbWV6b25l IGluZm9ybWF0aW9uDQotIHNvcnRhYmxlIGFuZCBtdWNoIGVhc2llciB0byBmaWx0ZXIgZm9y IHRpbWUgcmFuZ2VzDQotIGluY2x1ZGVzIHRoZSBmdWxsIGRhdGUsIGllLiBpZiB5b3UgYXJl IGxvb2tpbmcgYXQgb2xkZXIgbG9nIGZpbGVzLCB5b3UgDQpjYW4gYWN0dWFsbHkgc2VlIGZy b20gd2hpY2ggeWVhciB0aGUgbG9nIG1lc3NhZ2Ugb3JpZ2luYXRlZCBmcm9tDQoNCg0KU3Vy ZSwgdGhlIHRpbWVzdGFtcCBpcyBsb25nZXIgYXMgaXQgaW5jbHVkZXMgbW9yZSBpbmZvcm1h dGlvbiwgYnV0DQpJIGRvbid0IGZpbmQgaXQgcGFydGljdWxhcmx5IGhhcmRlciB0byByZWFk Lg0KDQpUaGF0IHNhaWQsIGlmIHlvdSB3YW50IHRvIGltcHJvdmUgdGhlIGxlZ2liaWxpdHkg b2YgbG9nIGZpbGVzLCBJIGNhbiANCnJlY29tbWVuZCB0b29scyBsaWtlIGdyYyAoYXB0IGlu c3RhbGwgZ3JjKSwgd2hpY2ggd2lsbCBjb2xvcml6ZSB0aGUgb3V0cHV0Lg0KDQpSZWdhcmRz LA0KTWljaGFlbA0K

--------------JV0iBYqKTQ0aRtithb0xIyLG--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmG/PMMFAwAAAAAACgkQauHfDWCPItzb wA//b6/zkgJ+5ToGoCu/IbTsA1fPhnbgXDEYvZcPpQmja1T4yGt+eVCSRSlI2Bk34lcWJRzBC+BM Dn0ac8t+6dLzE8UWfD2uUUTMxNocbb+B5m9VKriMdLa1jqhkngqdz2Z837SmkdsrSVVenu3olC7a PxSi0GBuxH3xqek6tVyray1nW/+w8NYc90oefiewLGKCZEItv5+zLCotT4Usrg5UlNmtQIb6D7Qy kyUfNLc3q4qpzFmM1Tfu5x8d5setRYhiEA7HS+QYbS7Ws+NKvXSBSocD4smj/CYKPFM+wvOMZM3E wKsJHvpvcu42ZcOwLBV0ISJja0iLM9aVxF99ue6KrfzkU8SHkYzHC05iYQ2ds2mICl0bvPma7h9X viNL5sdsz6invFPifCA6XEcMIxp99HGU8xytvlas8fEwOwjx3kUSE4iJTC271RmuyV+BX6FHqURH 4fl7Ezj/pTzGnrSrUE/b6OQhJyhfF/KSNOePxQzmXFwpIxHpv32lQU4pTKvCOMgqX7U6NtrCBiCs T2YnbgIMe7r/SDqAwtZx1IW2g24PQzLMdRpLktreJcUR8DuV883/+uzJROU7QJ3hRyLGrTdo2hCi jz1attuA1QNBx5xIxaKgyPdeylO8FSoEHJGvPSA0sgSrCSWTM5UFz/WY1E32M++Oi9pxitFTL9tA xz0=
=+SPq
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)