Changing date format in syslog
Is there anyway we can change the date format in a particular log file being logged to by syslog? I don't want to change the way all logs are being logged, but just by log file.
EDIT: I'm using syslogd (in FreeBSD)
This is how my file looks like now:
Dec 5 07:52:10 Log data 1
Dec 5 07:52:10 Log data 2
Dec 5 07:52:10 Log data 3
This is how I want it to look like:
20131205 07:52:10 Log data 1
20131205 07:52:10 Log data 2
20131205 07:52:10 Log data 3
My syslog.conf looks like this, where /var/log/my_log.log is my logfile:
+@
*.notice;local0.none;local1.none;local2.none;authpriv.none;kern.debug;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
ftp.info /var/log/xferlog
cron.* /var/log/cron
*.=debug /var/log/debug.log
console.info /var/log/console.log
local1.info /var/log/my_log.log
Answer
Even if you found a different solution, I give an answer for others.
Edit your syslog configuration file (On Debian for example: /etc/syslog-ng/syslog-ng.conf).
Then declare a new template like this :
template template_date_format {
template("${YEAR}-${MONTH}-${DAY} ${HOUR}:${MIN}:${SEC} ${HOST} ${MSGHDR}${MSG}\n");
template_escape(no);
};
This is an example but you can use different macros according to syslog documentation linked in user9645's answer.
After that, find in this configuration file, all the files you want to change the output format and apply this template to them.
For example, I want to change /var/log/auth.log output format, then I change :
destination d_auth { file("/var/log/auth.log"); };
to :
destination d_auth { file("/var/log/auth.log" template(template_date_format)); };
Then restart syslog (service syslog-ng restart) and try a login to see the changes in your auth.log.