Linux 更改系统日志中的日期格式
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20402162/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Changing date format in syslog
提问by egorulz
Is there anyway we can change the date format in a particular log file being logged to by syslog? I don't want to change the way all logs are being logged, but just by log file.
无论如何,我们可以更改 syslog 记录到的特定日志文件中的日期格式吗?我不想改变所有日志的记录方式,而只是通过日志文件。
EDIT: I'm using syslogd (in FreeBSD)
编辑:我正在使用 syslogd(在 FreeBSD 中)
This is how my file looks like now:
这是我的文件现在的样子:
Dec 5 07:52:10 Log data 1
Dec 5 07:52:10 Log data 2
Dec 5 07:52:10 Log data 3
This is how I want it to look like:
这就是我想要的样子:
20131205 07:52:10 Log data 1
20131205 07:52:10 Log data 2
20131205 07:52:10 Log data 3
My syslog.conf looks like this, where /var/log/my_log.log is my logfile:
我的 syslog.conf 看起来像这样,其中 /var/log/my_log.log 是我的日志文件:
+@
*.notice;local0.none;local1.none;local2.none;authpriv.none;kern.debug;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
ftp.info /var/log/xferlog
cron.* /var/log/cron
*.=debug /var/log/debug.log
console.info /var/log/console.log
local1.info /var/log/my_log.log
采纳答案by egorulz
I ended up using an awk script to run through the log file and replace the date field
我最终使用 awk 脚本来运行日志文件并替换日期字段
awk '{getDate="date -j -f \"%b %d %H:%M:%S\" \""" "" ""\" \"+%Y%m%d %H:%M:%S\""
while ( ( getDate | getline date ) > 0 ) { }
close(getDate);
print date,,,,}' Temp1 > Temp2
回答by user9645
I had the same issue using FreeBSD 9.2 and Zabbixsystem monitor GUI which cannot handle things like 'Jan' or 'Feb' in the date stamp (!) on the system log messages.
我在使用 FreeBSD 9.2 和Zabbix系统监视器 GUI 时遇到了同样的问题,它们无法处理系统日志消息上的日期戳 (!) 中的“Jan”或“Feb”等内容。
What I did was install the sysutils/syslog-ngport, and use the convert-syslogconf.awkscript to migrate my /etc/syslog.confto /usr/local/etc/syslog-ng.conf(which thankfully seemed to work well with even a fairly complex config) and added this custom formatting template to all the file()destinations:
我所做的是安装sysutils/syslog-ng端口,并使用convert-syslogconf.awk脚本将我的迁移/etc/syslog.conf到/usr/local/etc/syslog-ng.conf(幸运的是,即使是相当复杂的配置,它似乎也能很好地工作)并将此自定义格式模板添加到所有file()目的地:
template t_msgfmt {
template("${ISODATE} ${HOST} ${FACILITY} ${LEVEL} ${MSGHDR}${MSG}\n");
template_escape(no);
};
You can find (lots) more formatting info in the syslog-ng manual section 11.1. It is working good for me (so far) hope it helps you!
您可以在syslog-ng 手册第 11.1 节中找到(很多)更多格式信息。它对我很有用(到目前为止)希望它对你有帮助!
回答by vince
Even if you found a different solution, I give an answer for others.
即使您找到了不同的解决方案,我也会为其他人提供答案。
Edit your syslog configuration file (On Debian for example: /etc/syslog-ng/syslog-ng.conf).
编辑您的 syslog 配置文件(例如在 Debian 上:)/etc/syslog-ng/syslog-ng.conf。
Then declare a new template like this :
然后像这样声明一个新模板:
template template_date_format {
template("${YEAR}-${MONTH}-${DAY} ${HOUR}:${MIN}:${SEC} ${HOST} ${MSGHDR}${MSG}\n");
template_escape(no);
};
This is an example but you can use different macros according to syslog documentation linked in user9645's answer.
这是一个示例,但您可以根据user9645答案中链接的 syslog 文档使用不同的宏。
After that, find in this configuration file, all the files you want to change the output format and apply this template to them.
之后,在此配置文件中找到所有要更改输出格式的文件并将此模板应用于它们。
For example, I want to change /var/log/auth.logoutput format, then I change :
例如,我想更改/var/log/auth.log输出格式,然后我更改:
destination d_auth { file("/var/log/auth.log"); };
to :
到 :
destination d_auth { file("/var/log/auth.log" template(template_date_format)); };
Then restart syslog (service syslog-ng restart) and try a login to see the changes in your auth.log.
然后重新启动 syslog( service syslog-ng restart) 并尝试登录以查看auth.log.
