Adding year in the syslog message (linux)

Question

I need to log the year in the log message generated by syslog daemon. In particular in the /var/log/secure file. Is it possible?

Here an example of normal syslog message:

Feb 16 04:06:58 HOST sshd[28573]: Accepted password for USER from SOURCE port 7269 ssh2

And I need something similar to:

Feb 16 2011 04:06:58 HOST sshd[28573]: Accepted password for USER from SOURCE port 7269 ssh2

Thanks in advance.

Answer 1

If you use rsyslog, it is easy. Refer to following:

1. Modify /etc/rsyslog.conf to following:

   ...
   authpriv.*     /var/log/secure;RSYSLOG_FileFormat
   ...
   

2. And then asking rsyslog daemon to reload configuration:

   $ kill -HUP <pid of rsyslog daemon>
   

More reference :

• http://www.rsyslog.com/doc/rsyslog_recording_pri.html
• http://www.rsyslog.com/doc/rsyslog_conf_modules.html/rsyslog_conf_templates.html

Answer 2

syslog-ng has the ts_format() option to specify the default timestamp format for files. it is set to iso format by default, which includes the year.

you can also configure file formats using the template() option.

Answer 3

If your syslog respects RFC 3164 (The BSD Syslog Protocol), then you cannot configure it to record the year. Unless you have a modern syslog daemon that follows RFC 5424 (rsyslog or syslog-ng) you cannot do that.

Answer 4

If you can't alter the syslog on the system itself, maybe you could setup syslog to send it to a remote system with a better syslog daemon?