View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions Changing log date formats?
Log in to Ask a Question

Changing log date formats?

general

Hey all,

I'm having some strange issues with how my Linode formats dates in some of my log files. I asked on IRC yesterday but nobody knew how to fix/change how its formatted.

This is how my logs show up now:

2010-06-23T18:26:01.634813-07:00 server crond[22277]: (root) CMD (/usr/local/some/process)

2010-06-23T18:27:01.662746-07:00 server crond[22282]: (root) CMD (/usr/local/some/process)

2010-06-23T18:28:01.692657-07:00 server crond[22345]: (root) CMD (/usr/local/some/process)

2010-06-23T18:29:01.714650-07:00 server crond[22371]: (root) CMD (/usr/local/some/process)

How do I get it to format like this?

Jun 23 18:23:01 server crond[24092]:(root) CMD (/usr/local/some/process)

Jun 23 18:24:01 server crond[26144]: (root) CMD (/usr/local/sbin/bfd -q)

Jun 23 18:24:01 server crond[26145]: (root) CMD (/usr/local/some/process)

The dates show up like this in /var/log/cron, /var/log/maillog, and /var/log/messages so I'm guessing it's got something to do with the OS. My apache logs show up fine and same with exim.

I'm running the CentOS 5.5 i386 image.

Any ideas?

6 Replies

I think it may be happening because you originally had LC_TIME unset or set to some weird ISO format, then changed it (or other way round,) and thus daemons started before the change use one, and rest the other. Check out your locale (no idea where it's set in CentOS), then well… try restarting services or reboot for a good measure.

Thanks, I tried changing my locale to en_US and C but when I rebooted my VPS it went back to POSIX.

I tried setting a i18n but that only made the console have the right locale.

Any more ideas or suggestions?

Try changing the settings in /etc/sysconfig/i18n.

I set up i18n and rebooted but the logs still show up like that :(

cat /etc/sysconfig/i18n

LANG="en_US.UTF-8"

locale

LANG=en_US.UTF-8

LCCTYPE="enUS.UTF-8"

LCNUMERIC="enUS.UTF-8"

LCTIME="enUS.UTF-8"

LCCOLLATE="enUS.UTF-8"

LCMONETARY="enUS.UTF-8"

LCMESSAGES="enUS.UTF-8"

LCPAPER="enUS.UTF-8"

LCNAME="enUS.UTF-8"

LCADDRESS="enUS.UTF-8"

LCTELEPHONE="enUS.UTF-8"

LCMEASUREMENT="enUS.UTF-8"

LCIDENTIFICATION="enUS.UTF-8"

LC_ALL=

LC_TIME looks like its right there, could it have something to do with the kernel?

2010-06-25T23:57:01.756536-07:00 server crond[4652]: (root) CMD (/usr/local/sbin/bfd -q)

2010-06-25T23:57:01.757112-07:00 server crond[4653]: (root) CMD (/usr/local/directadmin/dataskq)

2010-06-25T23:58:01.939034-07:00 server crond[4740]: (root) CMD (/usr/local/directadmin/dataskq)

Hmm, did you maybe install an alternative syslog like syslog-ng or rsyslog? I think both of those have configurable time formats, which may default to the RFC 3339 format. You can check what's installed with

$ yum list installed '*log*'

The stock syslog daemon is sysklogd. If you have something else, look at its documentation to see how to change the timestamp format.

Thanks so much for your help, it turns out the image had rsyslog installed.

I added this to my conf file to fix it:

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

This shows up now though but I'm not sure if it's even harmful.

WARNING: rsyslogd is running in compatibility mode. Automatically generated config directives may interfer with your rsyslog.conf settings. We suggest upgrading your config and adding -c3 as the first rsyslogd option.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct