Mailing List Archive

Timestamp as per RFC5424
I am creating a template for syslog messages as per RFC 5424.
I am using *RSYSLOG_SyslogProtocol23Format* as a reference.

The template I came up with is as follows.

"<%PRI%> 1 %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID%
%MSGID% %STRUCTURED-DATA% %msg%\n"


As per the RFC 5424 examples, for UTC based timestamp we are supposed to
have 'Z' in the timezone part.

Example 1

1985-04-12T23:20:50.52Z


Example 3

2003-10-11T22:14:15.003Z

But when I use this template, I always get +00:00 instead of Z

2018-06-11T10:54:13.983308+00:00


On browsing the code I see that this can be controlled using the
OffsetMode. But I couldn't find any configuration to set offsetMode.
Is it possible to configure this? Please let me know if I have
misunderstood the RFC.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Timestamp as per RFC5424
It is supposed to be telling you what timezone you are in; Z and +00:00 are the
same. If you are in a different timezone, you will see a different number.

David Lang

Re: Timestamp as per RFC5424
Dinesh,


Try

%TIMESTAMP:::date-utc%


________________________________
From: rsyslog <rsyslog-bounces@lists.adiscon.com> on behalf of P.R.Dinesh via rsyslog <rsyslog@lists.adiscon.com>
Sent: Monday, June 11, 2018 12:56 PM
To: rsyslog@lists.adiscon.com
Cc: P.R.Dinesh
Subject: [rsyslog] Timestamp as per RFC5424

Re: Timestamp as per RFC5424
As David says, there is no problem. RFC 5424 references RFC 3339, and
in e.g. Sect. 2 and 4.3 it says that "Z" and "+00:00" are equivalent.

See https://www.ietf.org/rfc/rfc3339.txt

Rainer

2018-06-12 13:23 GMT+02:00 putcha narayana via rsyslog
<rsyslog@lists.adiscon.com>:
> Dinesh,
>
>
> Try
>
> %TIMESTAMP:::date-utc%
>
>

Re: Timestamp as per RFC5424
Rainer Gerhards wrote
> As David says, there is no problem. RFC 5424 references RFC 3339, and
> in e.g. Sect. 2 and 4.3 it tells that "Z" and "+00:00" is equivalent.
>
> See https://www.ietf.org/rfc/rfc3339.txt
>
> Rainer

I think the "problem" is that the user might *want* to use the 'Z' notation
and not '+00:00' as it is shorter...

Is there any way to force rsyslogd to emit 'Z' without defining a custom
template?




--
Sent from: http://rsyslog-users.1305293.n2.nabble.com/
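
The equivalence of 'Z' and '+00:00' discussed in this thread can also be handled on the receiving side, where a collector parses either form to the same instant and re-renders it with 'Z'. This is an added example, not code from the thread or from rsyslog; the function names are hypothetical and the +05:30 sample is constructed, while the other samples are the timestamps quoted above.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 5424 section 6.2.3 TIMESTAMP: upper-case 'T' and 'Z', 1-6 fraction digits,
# offset written either as 'Z' or as a numeric +hh:mm / -hh:mm.
_TIMESTAMP = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})"
    r"(?:\.(\d{1,6}))?(Z|[+-]\d{2}:\d{2})"
)


def parse_timestamp(text):
    """Return an aware datetime for an RFC 5424 TIMESTAMP, or raise ValueError."""
    m = _TIMESTAMP.fullmatch(text)
    if m is None:
        raise ValueError(f"not an RFC 5424 timestamp: {text!r}")
    year, month, day, hour, minute, second = (int(g) for g in m.groups()[:6])
    if second > 59:
        raise ValueError("RFC 5424 does not allow leap seconds")
    micros = int((m.group(7) or "").ljust(6, "0"))  # ".52" means 520000 us
    offset = m.group(8)
    if offset == "Z":
        tz = timezone.utc
    else:
        hh, mm = int(offset[1:3]), int(offset[4:6])
        if hh > 23 or mm > 59:
            raise ValueError(f"offset out of range: {offset}")
        delta = timedelta(hours=hh, minutes=mm)
        tz = timezone(-delta if offset[0] == "-" else delta)
    # datetime() itself rejects impossible dates and times with ValueError.
    return datetime(year, month, day, hour, minute, second, micros, tzinfo=tz)


def to_zulu(text):
    """Re-render any valid timestamp as UTC with the short 'Z' suffix."""
    dt = parse_timestamp(text).astimezone(timezone.utc)
    fraction = f"{dt.microsecond:06d}".rstrip("0")
    base = dt.strftime("%Y-%m-%dT%H:%M:%S")
    return base + (f".{fraction}" if fraction else "") + "Z"


if __name__ == "__main__":
    for sample in (
        "2018-06-11T10:54:13.983308+00:00",  # rsyslog output from the thread
        "1985-04-12T23:20:50.52Z",           # RFC 5424 example 1
        "2018-06-11T16:24:13.983308+05:30",  # constructed: same instant, other zone
    ):
        print(sample, "->", to_zulu(sample))
```
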