Bug 448789

Summary: logwatch should understand RSYSLOG_FileFormat timestamps
Product: [Fedora] Fedora
Reporter: James Ralston <ralston>
Component: logwatch
Assignee: Ivana Varekova <varekova>
Status: CLOSED UPSTREAM
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: pb
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 583607
Environment:
Last Closed: 2008-05-29 13:14:52 UTC Type: ---

Description James Ralston 2008-05-28 20:00:47 UTC
Logwatch parses the timestamps of the log files it processes.

The traditional Unix syslog timestamp looks like this:

May 28 14:14:46 HOSTNAME ...

The rsyslog package refers to this timestamp format as
"RSYSLOG_TraditionalFileFormat".  It has several glaring deficiencies: it
doesn't collate, it doesn't contain timezone information, and it has only
single-second precision.

rsyslog also supports a more modern timestamp format, called
"RSYSLOG_FileFormat", which is essentially the ISO8601 date/time format.  It
looks like this:

2008-05-28T14:14:46.316223-04:00 HOSTNAME ...

This timestamp format overcomes the deficiencies of the traditional timestamp
format.

However, logwatch does not understand this timestamp format; logwatch expects
all system logs to have the traditional timestamp format.

Logwatch should be enhanced (preferably by upstream) to understand the
RSYSLOG_FileFormat for timestamps, so that system administrators have the option
of using that format for system logs without breaking logwatch.

If I submitted an enhancement patch for logwatch to understand the
RSYSLOG_FileFormat, and the patch was reasonable, would you accept it?  Would
upstream?
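
The two timestamp formats described in this report, parsed side by side. This is an added example, not part of the original report and not logwatch code; the function names, the `assumed_year` and `assumed_tz` parameters, and the sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# RSYSLOG_FileFormat: ISO 8601 date/time, optional fraction, UTC offset or "Z".
ISO_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,9}))?"
                    r"(Z|[+-]\d{2}:\d{2}) (\S+) ?(.*)$")
# RSYSLOG_TraditionalFileFormat: "Mmm dd hh:mm:ss" with no year and no zone.
TRAD_RE = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\S+) ?(.*)$")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

def parse_line(line, assumed_year, assumed_tz):
    """Return (timezone-aware datetime, host, message), or None if unrecognised."""
    try:
        m = ISO_RE.match(line)
        if m:
            base, frac, off, host, msg = m.groups()
            tz = timezone.utc
            if off != "Z":
                delta = timedelta(hours=int(off[1:3]), minutes=int(off[4:6]))
                tz = timezone(-delta if off[0] == "-" else delta)
            micro = int((frac or "").ljust(6, "0")[:6])  # pad or truncate to microseconds
            dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
            return dt.replace(microsecond=micro, tzinfo=tz), host, msg
        m = TRAD_RE.match(line)
        if m and m.group(1) in MONTHS:
            mon, day, hh, mm, ss, host, msg = m.groups()
            # The line carries neither year nor zone, so the caller has to supply both.
            dt = datetime(assumed_year, MONTHS[mon], int(day), int(hh), int(mm),
                          int(ss), tzinfo=assumed_tz)
            return dt, host, msg
    except ValueError:  # e.g. month 13, Feb 30, or an offset of 24 hours or more
        pass
    return None

def split_parsed(lines, assumed_year, assumed_tz):
    """Return (events sorted by time, unparsed lines) so nothing is dropped silently."""
    events, unparsed = [], []
    for line in lines:
        rec = parse_line(line.rstrip("\n"), assumed_year, assumed_tz)
        if rec is None:
            unparsed.append(line)
        else:
            events.append(rec)
    events.sort(key=lambda r: r[0])
    return events, unparsed

# Constructed sample lines; the timestamps are the two quoted in the report.
SAMPLE = ["2008-05-28T14:14:46.316223-04:00 HOSTNAME sshd[1]: constructed message B",
          "May 28 14:14:46 HOSTNAME sshd[1]: constructed message A",
          "28/05/2008 14:14 HOSTNAME constructed line in an unknown format"]
```

Returning the unparsed lines separately lets a report count them instead of silently losing entries written in a format the parser does not know.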

Comment 1 Ivana Varekova 2008-05-29 13:14:52 UTC
Hello, thanks for your interest. The best solution is to discuss this problem on
the logwatch development mailing list - logwatch-devel. The upstream
guys should be the ones who decide whether it is better to add this support
or not. Could you forward this question to the upstream list? If there is any
problem, please add a comment here.

Comment 2 Peter Bieringer 2010-04-19 13:13:43 UTC
I've created 2 new bugs on this issue, because the rsyslog shipped with RHEL 5.5 is a 3.x version, which has this new timestamp by default and breaks the shipped logwatch:

https://bugzilla.redhat.com/show_bug.cgi?id=583607
https://bugzilla.redhat.com/show_bug.cgi?id=583621

BTW: I would be very happy if I could get a copy of the enhancement patch, because I did not find one on the Internet.