Date: Mon, 27 Jul 2009 00:22:14 -0800 From: Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net> To: freebsd-questions@freebsd.org Subject: Re: Syslog date format Message-ID: <200907270022.14754.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> In-Reply-To: <64c038660907262220w3eeca9d9h2fb41fac6cbe4bfc@mail.gmail.com> References: <64c038660907261640o478e38f2p82d1e66942d2fcb0@mail.gmail.com> <20090727030023.GV63413@dan.emsphone.com> <64c038660907262220w3eeca9d9h2fb41fac6cbe4bfc@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sunday 26 July 2009 21:20:23 Modulok wrote:
> One would think that ISO 8601 date strings would make more sense, in
> addition not being language dependent. But I guess that's out.
It isn't too hard to convert on the fly. The real problem is that syslog
dates do not contain a year and timezone. The taillog program below sig
therefore may lie about the generated date. Most notably a year is
non-optional in ISO 8601.
Anyway, taillog is basically tail(1), except it shows the following:
% sudo taillog -2 /var/log/cron
2009-07-27 00:11:00-0800 smoochies /usr/sbin/cron[25808]: (operator) CMD (/usr/libexec/save-entropy)
2009-07-27 00:15:00-0800 smoochies /usr/sbin/cron[25834]: (root) CMD (/usr/libexec/atrun)
--
Mel
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# taillog/BSDmakefile
# taillog/taillog.c
#
echo x - taillog/BSDmakefile
sed 's/^X//' >taillog/BSDmakefile << 'f307a85b0a9ff60c11589de765a71b95'
X# $Coar: utils/taillog/BSDmakefile,v 1.1 2009/07/27 07:58:48 mel Exp $
XPROG=taillog
XNO_MAN=yes
X
X.include <bsd.prog.mk>
f307a85b0a9ff60c11589de765a71b95
echo x - taillog/taillog.c
sed 's/^X//' >taillog/taillog.c << '4c238c819ad69dd9d8586db323e29997'
X/*
X * vim: ts=4 sw=4 fdm=marker tw=78 ai noet
X * Copyright (c) 2009 Mel Flynn
X * All rights reserved.
X *
X * Redistribution and use in source and binary forms, with or without
X * modification, are permitted provided that the following conditions
X * are met:
X * 1. Redistributions of source code must retain the above copyright
X * notice, this list of conditions and the following disclaimer.
X * 2. Redistributions in binary form must reproduce the above copyright
X * notice, this list of conditions and the following disclaimer in the
X * documentation and/or other materials provided with the distribution.
X *
X * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X * SUCH DAMAGE.
X *
X * Taillog: tail(1) helper that converts syslog date format to ISO-8601.
X */
X#include <sys/cdefs.h>
X__FBSDID("$Coar: utils/taillog/taillog.c,v 1.1 2009/07/27 07:58:48 mel Exp $");
X
X#include <sys/types.h>
X#include <sys/param.h>
X#include <sys/resource.h>
X#include <sys/time.h>
X#include <sys/wait.h>
X
X#include <stdio.h>
X#include <unistd.h>
X#include <string.h>
X#include <time.h>
X
X#include <sysexits.h>
X#include <err.h>
X
X#define TAIL "/usr/bin/tail"
X
Xstatic inline void init_tp(const struct tm *now, struct tm *tp);
X
Xint main(int argc, char **argv)
X{
X pid_t pid;
X int fildes[2], res;
X struct tm *now;
X time_t clock;
X
X tzset();
X clock = time(NULL);
X now = localtime(&clock);
X
X res = pipe(fildes);
X if( (pid = fork()) == 0 ) /* Child */
X {
X close(fildes[0]);
X if( dup2(fildes[1], STDOUT_FILENO) < 0 )
X err(EX_OSERR, "dup2()");
X argv[0] = strdup(TAIL);
X if( (res = execv(TAIL, argv)) < 0 )
X err(EX_OSERR, "Failed to run tail");
X }
X else if( pid > 0 ) /* Parent */
X {
X char buf[BUFSIZ];
X FILE *in;
X
X close(fildes[1]);
X if( (in = fdopen(fildes[0], "r")) == NULL )
X err(EX_OSERR, "fdopen()");
X
X while( fgets(buf, BUFSIZ, in) != NULL )
X {
X struct tm tp;
X size_t len = strlen(buf);
X char *ptr, tbuf[32];
X
X init_tp(now, &tp);
X ptr = strptime(buf, "%b %e %T", &tp);
X if( ptr == NULL )
X {
X warnx("Line does not start with syslog date");
X printf("%s", buf);
X }
X else
X {
X if( strftime(tbuf, sizeof(tbuf), "%Y-%m-%d %H:%M:%S%z", &tp) == 0 )
X err(EX_SOFTWARE, "Can't convert time");
X res = printf("%s%s", tbuf, ptr);
X }
X // Read and print till end of line
X while( buf[len-1] != '\n' )
X {
X if( fgets(buf, BUFSIZ, in) == NULL )
X err(EX_OSERR, "Can't read line");
X printf("%s", buf);
X len = strlen(buf);
X }
X }
X (void)waitpid(pid, &res, 0);
X close(fildes[0]);
X }
X else
X err(EX_OSERR, "Failed to fork");
X
X return (0);
X}
X
Xstatic inline void init_tp(const struct tm *now, struct tm *tp)
X{
X tp->tm_year = now->tm_year;
X tp->tm_isdst = now->tm_isdst;
X tp->tm_zone = (now->tm_zone == NULL) ? NULL : strdup(now->tm_zone);
X tp->tm_gmtoff = now->tm_gmtoff;
X}
4c238c819ad69dd9d8586db323e29997
exit
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200907270022.14754.mel.flynn%2Bfbsd.questions>