Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 28 Mar 2023 15:22:09 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 270497] periodic(8) scripts ignore syslogd flag '-O' output format and does not filter/report failed events
Message-ID:  <bug-270497-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D270497

            Bug ID: 270497
           Summary: periodic(8) scripts ignore syslogd flag '-O' output
                    format and does not filter/report failed events
           Product: Base System
           Version: 12.4-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: michael.osipov@siemens.com

I was not happy with the output format of syslogd events since the time
resolution was not enough and not sortable. I did set in my rc.conf:
$ sysrc -n syslogd_flags
-N -ss -O rfc5424

These periodics are then rendered useless:
$ grep -r "date " /etc/periodic
/etc/periodic/daily/460.status-mail-rejects:        yesterday=3D$(date -v-1=
d '+%b
%e')
/etc/periodic/daily/460.status-mail-rejects:        today=3D$(date '+%b %e')
/etc/periodic/security/900.tcpwrap:yesterday=3D`date -v-1d "+%b %e "`
/etc/periodic/security/800.loginfail:yesterday=3D`date -v-1d "+%b %e "`

They rely on the old style formats and miss everything highres timestamps.

So a possible solution is to query "sysrc -n syslogd_flags" and use the
appropriate format:
today=3D$(date -I)
yesterday=3D$(date -v-1d -I)
or old style

to filter out events.

Manpage of syslogd says:
     -O format
             Select the output format of generated log messages.  The values
             bsd and rfc3164 are used to generate RFC 3164 log messages.  T=
he
             values syslog and rfc5424 are used to generate RFC 5424 log
             messages, having RFC 3339 timestamps with microsecond precisio=
n.
             The default is to generate RFC 3164 log messages.

So it is '-O bsd|rfc3164' or '-O syslog|rfc5424'. This could be done with g=
rep
or sed.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-270497-227>