[logs] syslog timestamp format
Thu, 31 Jan 2002 20:31:54 +0100 (CET)
On Thu, 31 Jan 2002 Benjamin.Feinstein@guardent.com wrote:
> Hey y'all,
> Assuming iptables uses klogd to log its messages to /var/log/messages, is
> there a way to specify the format of the timestamp that klogd prepends to a
> log message? The logging daemon is prepending a timestamp of "MMM dd
> hh:mm:ss", but I need to have the "yyyy" in the timestamp as well.
The standard (cf. RFC3164) output is Mmm dd hh:mm:ss (as you say). But you
could change the output of syslogd or klogd by changing the source code.
You can also check the current time and check the difference to guess the
ok, it's not very clean but it works ;-)
> Additionally, does anyone know how to get iptables to log to a logging
> facility other than "kernel"? I am aware of the ULOG target, but I have read
> that ULOG should not be used as a matching target for any significant amount
> of logging. Anybody have experience using the ULOG target, good or bad?
> I'm using klogd 1.4.1 and iptables 1.2.5 on a RH 7.2 box w/ kernel 2.4.17.
Yes, iptables uses the facility kern at priority warning (4). You can
recompile iptables, changing the facility in the source code.
You can also use the LOG prefix if you want to redirect the iptables
logging. (with some regular expression with syslog-ng for example)
For ULOG, I don't use it.
Hope this helps
Alexandre Dulaunoy firstname.lastname@example.org
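
The question asks for a year in the "MMM dd hh:mm:ss" timestamp, and the reply suggests comparing against the current time. The sketch below is an added example, not code from the original message: it picks the most recent year that does not place the event in the future, which is only correct for entries less than a year old. The function names, the one-day skew allowance, the sample log lines and the reference time are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed allowance for clock skew between the logging host and the reader.
SKEW = timedelta(days=1)


def parse_rfc3164(stamp, now):
    """Parse 'Mmm dd hh:mm:ss' (English month names) and choose the most
    recent year that does not put the event later than now + SKEW."""
    # Start one year ahead so a slightly fast clock at New Year still resolves;
    # go back 8 years so 'Feb 29' always finds a leap year.
    for year in range(now.year + 1, now.year - 9, -1):
        try:
            # Parsing with the year lets strptime validate Feb 29 properly.
            candidate = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # date does not exist in this year, or stamp is malformed
        if candidate <= now + SKEW:
            return candidate
    raise ValueError(f"cannot place {stamp!r} relative to {now}")


def add_year(line, now):
    """Replace the 15-character RFC 3164 timestamp with 'YYYY-MM-DD hh:mm:ss'."""
    stamp, rest = line[:15], line[15:]
    return parse_rfc3164(stamp, now).strftime("%Y-%m-%d %H:%M:%S") + rest


# Constructed sample: two kernel log lines spanning a year boundary, carrying
# a hypothetical iptables LOG prefix "IPT-DROP".
SAMPLE = [
    "Dec 31 23:59:58 fw kernel: IPT-DROP IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.1 PROTO=TCP DPT=23",
    "Jan  1 00:00:03 fw kernel: IPT-DROP IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.1 PROTO=TCP DPT=23",
]

if __name__ == "__main__":
    reference = datetime(2002, 1, 31, 20, 31, 54)  # constructed "current time"
    for entry in SAMPLE:
        print(add_year(entry, reference))
```

When processing archived logs, pass the file's modification time as `now` instead of the wall clock, otherwise entries older than a year are assigned the wrong year.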