Change timezone to UTC in rsyslog configuration

Question

Sample JSON Config Template: I want to change dateFormat into UTC to unify the TZ for different clients

template(name="json-template" type="list") {
    constant(value="{")
    constant(value="\"@timestamp\":\"")
    property(name="timereported" dateFormat="rfc3339")
    constant(value="\",\"@version\":\"1")
    constant(value="\",\"message\":\"")
    property(name="msg" format="json")
    constant(value="\",\"sysloghost\":\"")
    property(name="hostname")
    constant(value="\",\"severity\":\"")
    property(name="syslogseverity-text")
    constant(value="\",\"facility\":\"")
    property(name="syslogfacility-text")
    constant(value="\",\"programname\":\"")
    property(name="programname")
    constant(value="\",\"procid\":\"")
    property(name="procid")
    constant(value="\"}\n")
}

score 0 · Answer 1 · answered Jun 01 '17 at 14:54

If you know the timezone you can do it in this way:

template(name="json-template" type="list") {
constant(value="{")
constant(value="\"@timestamp\":\"")
property(name="timereported" dateFormat="year")
constant(value="-") property(name="timereported" dateFormat="month")
constant(value="-") property(name="timereported" dateFormat="day")
constant(value="T") property(name="timereported" dateFormat="hour")
constant(value=":") property(name="timereported" dateFormat="minute")
constant(value=":") property(name="timereported" dateFormat="second")
constant(value="+00:00")
...

If you want, that the time will be recalculated to your timezone, then see here:

http://www.rsyslog.com/doc/v8-stable/configuration/templates.html and http://www.rsyslog.com/doc/v8-stable/configuration/property_replacer.html

or in the source-code:

https://github.com/rsyslog/rsyslog/blob/master/runtime/msg.c

and use the -utc funtions e.g.: now-utc, year-utc, ...

good luck

Erwin

Change timezone to UTC in rsyslog configuration

1 Answers1