Syslog date format

Mon Jul 27 08:22:17 UTC 2009

On Sunday 26 July 2009 21:20:23 Modulok wrote:

> One would think that ISO 8601 date strings would make more sense, in
> addition not being language dependent. But I guess that's out.

It isn't too hard to convert on the fly. The real problem is that syslog
dates do not contain a year and timezone. The taillog program below sig
therefore may lie about the generated date. Most notably a year is
non-optional in ISO 8601.
Anyway, taillog is basically tail(1), except it shows the following:
% sudo taillog -2 /var/log/cron
2009-07-27 00:11:00-0800 smoochies /usr/sbin/cron[25808]: (operator) CMD (/usr/libexec/save-entropy)
2009-07-27 00:15:00-0800 smoochies /usr/sbin/cron[25834]: (root) CMD (/usr/libexec/atrun)

-- 
Mel

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	taillog/BSDmakefile
#	taillog/taillog.c
#
echo x - taillog/BSDmakefile
sed 's/^X//' >taillog/BSDmakefile << 'f307a85b0a9ff60c11589de765a71b95'
X# $Coar: utils/taillog/BSDmakefile,v 1.1 2009/07/27 07:58:48 mel Exp $
XPROG=taillog
XNO_MAN=yes
X
X.include <bsd.prog.mk>
f307a85b0a9ff60c11589de765a71b95
echo x - taillog/taillog.c
sed 's/^X//' >taillog/taillog.c << '4c238c819ad69dd9d8586db323e29997'
X/*
X * vim: ts=4 sw=4 fdm=marker tw=78 ai noet
X * Copyright (c) 2009 Mel Flynn
X * All rights reserved.
X *
X * Redistribution and use in source and binary forms, with or without
X * modification, are permitted provided that the following conditions
X * are met:
X * 1. Redistributions of source code must retain the above copyright
X *    notice, this list of conditions and the following disclaimer.
X * 2. Redistributions in binary form must reproduce the above copyright
X *    notice, this list of conditions and the following disclaimer in the
X *    documentation and/or other materials provided with the distribution.
X *
X * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X * SUCH DAMAGE.
X *
X * Taillog: tail(1) helper that converts syslog date format to ISO-8601.
X */
X#include <sys/cdefs.h>
X__FBSDID("$Coar: utils/taillog/taillog.c,v 1.1 2009/07/27 07:58:48 mel Exp $");
X
X#include <sys/types.h>
X#include <sys/param.h>
X#include <sys/resource.h>
X#include <sys/time.h>
X#include <sys/wait.h>
X
X#include <stdio.h>
X#include <unistd.h>
X#include <string.h>
X#include <time.h>
X
X#include <sysexits.h>
X#include <err.h>
X
X#define TAIL "/usr/bin/tail"
X
Xstatic inline void init_tp(const struct tm *now, struct tm *tp);
X
Xint main(int argc, char **argv)
X{
X	pid_t pid;
X	int fildes[2], res;
X	struct tm *now;
X	time_t clock;
X
X	tzset();
X	clock = time(NULL);
X	now = localtime(&clock);
X
X	res = pipe(fildes);
X	if( (pid = fork()) == 0 ) /* Child */
X	{
X		close(fildes[0]);
X		if( dup2(fildes[1], STDOUT_FILENO) < 0 )
X			err(EX_OSERR, "dup2()");
X		argv[0] = strdup(TAIL);
X		if( (res = execv(TAIL, argv)) < 0 )
X			err(EX_OSERR, "Failed to run tail");
X	}
X	else if( pid > 0 ) /* Parent */
X	{
X		char buf[BUFSIZ];
X		FILE *in;
X
X		close(fildes[1]);
X		if( (in = fdopen(fildes[0], "r")) == NULL )
X			err(EX_OSERR, "fdopen()");
X
X		while( fgets(buf, BUFSIZ, in) != NULL )
X		{
X			struct tm tp;
X			size_t len = strlen(buf);
X			char *ptr, tbuf[32];
X
X			init_tp(now, &tp);
X			ptr = strptime(buf, "%b %e %T", &tp);
X			if( ptr == NULL )
X			{
X				warnx("Line does not start with syslog date");
X				printf("%s", buf);
X			}
X			else
X			{
X				if( strftime(tbuf, sizeof(tbuf), "%Y-%m-%d %H:%M:%S%z", &tp) == 0 )
X					err(EX_SOFTWARE, "Can't convert time");
X				res = printf("%s%s", tbuf, ptr);
X			}
X			// Read and print till end of line
X			while( buf[len-1] != '\n' )
X			{
X				if( fgets(buf, BUFSIZ, in) == NULL )
X					err(EX_OSERR, "Can't read line");
X				printf("%s", buf);
X				len = strlen(buf);
X			}
X		}
X		(void)waitpid(pid, &res, 0);
X		close(fildes[0]);
X	}
X	else
X		err(EX_OSERR, "Failed to fork");
X
X	return (0);
X}
X
Xstatic inline void init_tp(const struct tm *now, struct tm *tp)
X{
X	tp->tm_year = now->tm_year;
X	tp->tm_isdst = now->tm_isdst;
X	tp->tm_zone = (now->tm_zone == NULL) ? NULL : strdup(now->tm_zone);
X	tp->tm_gmtoff = now->tm_gmtoff;
X}
4c238c819ad69dd9d8586db323e29997
exit