
List:       loganalysis
Subject:    Re: [logs] syslog timestamp format
From:       Alexandre Dulaunoy <alex () conostix ! com>
Date:       2002-01-31 19:31:54

On Thu, 31 Jan 2002 Benjamin.Feinstein@guardent.com wrote:

> Hey y'all,
> 
> Assuming iptables uses klogd to log its messages to /var/log/messages, is
> there a way to specify the format of the timestamp that klogd prepends to a
> log message? The logging daemon is prepending a timestamp of "MMM dd
> hh:mm:ss", but I need to have the "yyyy" in the timestamp as well.

The standard (cf. RFC 3164) output is Mmm dd hh:mm:ss (as you say). But you 
could change the output of syslogd or klogd by changing the source code. 

You can also check the current time and check the difference to guess the 
year. 
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/ipfc/ipfc/src/db-backend/db-backend-daemon/process_transport_syslog_line.pl?rev=1.1&content-type=text/vnd.viewcvs-markup
ok, it's not very clean but it works ;-)

> 
> Additionally, does anyone know how to get iptables to log to a logging
> facility other than "kernel"? I am aware of the ULOG target, but I have read
> that ULOG should not be used as a matching target for any significant amount
> of logging. Anybody have experience using the ULOG target, good or bad?
> 
> I'm using klogd 1.4.1 and iptables 1.2.5 on a RH 7.2 box w/ kernel 2.4.17.

Yes, iptables uses the facility kern at priority warning (4). You can 
recompile iptables after changing the facility in the source code. 
You can also use the LOG prefix if you want to redirect the iptables 
logging. (with some regular expression with syslog-ng for example)

For ULOG, I don't use it. 

Hope this helps

alx

-- 
Alexandre Dulaunoy			adulau@conostix.com
					http://www.conostix.com/
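
The year-guessing approach mentioned in the reply above (compare the stamp with the current time), as an added Python example; it is not the linked ipfc Perl script and not code from the original message. The names `infer_year`, `add_year` and `SKEW`, the one-day skew tolerance and the sample log lines are assumptions made for illustration.

```python
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Assumed tolerance for clock skew between the logging host and the parser.
SKEW = timedelta(days=1)


def infer_year(stamp, now, skew=SKEW):
    """Turn an RFC 3164 'Mmm dd hh:mm:ss' stamp into a full datetime.

    Picks the latest year for which the stamp is not later than now + skew.
    """
    month, day, clock = stamp.split()          # split() absorbs the "Feb  3" padding
    hour, minute, second = (int(p) for p in clock.split(":"))
    # now.year + 1 covers a sender whose clock already rolled into the new year;
    # going back 8 years guarantees a leap year for "Feb 29" stamps.
    for year in range(now.year + 1, now.year - 9, -1):
        try:
            candidate = datetime(year, MONTHS[month], int(day), hour, minute, second)
        except ValueError:
            continue                           # e.g. Feb 29 in a non-leap year
        if candidate <= now + skew:
            return candidate
    raise ValueError(f"cannot place {stamp!r} relative to {now}")


def add_year(line, now):
    """Rewrite one syslog line so it starts with an ISO 8601 timestamp."""
    stamp, rest = line[:15], line[16:]         # the RFC 3164 stamp is 15 characters
    return f"{infer_year(stamp, now).isoformat()} {rest}"


if __name__ == "__main__":
    # Constructed sample lines, read just after midnight on 1 Jan 2002.
    now = datetime(2002, 1, 1, 0, 0, 5)
    for line in ("Dec 31 23:59:50 fw kernel: IN=eth0 OUT= SRC=192.0.2.7 PROTO=TCP DPT=22",
                 "Jan  1 00:00:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.9 PROTO=UDP DPT=53"):
        print(add_year(line, now))
```

The guess is only reliable when lines are processed close to the time they were written; an archive read more than a year later resolves to the wrong year, since the stamp carries no year at all.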

