Syslogd less verbose logging with rfc5424

Ed Schouten ed at nuxi.nl
Mon Oct 1 08:25:32 UTC 2018 

Hi Pavel,

Op zo 30 sep. 2018 om 12:13 schreef Pavel Timofeev <timp87 at gmail.com>:
> There was a great work to bring rfc5424 date format to syslogd(8). See
> https://svnweb.freebsd.org/base?view=revision&revision=332510
>
> I've been using it on CURRENT since it was imported.
> I'm happy I can finally get syslog messages with high time precision
> w/o installing rsyslog or another syslog implementation.

Great to hear you like it!

> The thing I really don't like is that syslogd puts severity and
> priority to log files next to timestamp.
> In my opinion severity and priority is not needed in 99% of cases,
> only in debugging corner cases. While high precision timestamp is the
> main thing what people like rfc 5424 for. This is just my opinion.
> So for "-O rfc5424" I'd like to have the same behavior as for rfc
> 3164, i. e. do not log severity and priority by default and if needed
> use '-v' option to enable those. But it was decided and documented
> that  '-v' won't have any effect for rfc 5425
> https://svnweb.freebsd.org/base?view=revision&revision=335862
>
> The first thing I'd like to suggest is to make rfc 5424 logging the
> same way as for rfc 3164, i. e. make '-v' option work the same.
> If community is not agree with me, I'd like to suggest another thing:
> have another option/flag for syslogd(8) to disable severity and
> priority logging if one use rfc 5424.

I'm on the fence what the right approach is here. The problem is that
newsyslog's RFC5424 support also writes the priority/facility number
and has no way to suppress it. This means that if we were to remove it
from syslogd, we should also add a corresponding switch to syslogd.

That said, my biggest annoyance with the priority/facility number at
the start is not that it takes up space. It's that it's not always the
same width (1-3 columns for the number). This causes log entries to be
aligned inconsistently. This could easily be solved by adding some
leading zeroes, if it weren't for the fact that RFC 5424 explicitly
disallows it. That said, I'd be amazed if that would cause problems in
practice.

A middle ground would be to add leading zeroes when we don't write
messages across the network. That way we improve readability, while
still allowing log entries to be ingested by other systems that use
RFC 5424.

-- 
Ed Schouten <ed at nuxi.nl>

More information about the freebsd-hackers mailing list