#1
25th October 2010, 18:24
gscott187
Date/time format in /var/log/secure

A simple problem that I just can't get to the bottom of:

I'm running CentOS v 5.X. The date/time logging in /var/log/secure looks like this:

2010-10-25T17:10:55.612309+01:00 hostname sshd[25760]: Did not receive identification string from XXX.XXX.XXX.XXX
2010-10-25T17:11:25.429817+01:00 hostname sshd[25762]: Did not receive identification string from XXX.XXX.XXX.XXX
2010-10-25T17:11:55.416327+01:00 hostname sshd[25797]: Did not receive identification string from XXX.XXX.XXX.XXX
2010-10-25T17:12:25.472911+01:00 hostname sshd[25800]: Did not receive identification string from XXX.XXX.XXX.XXX


However, I want the date/time format to look like this:

Oct 24 19:34:57 s0020 su: pam_unix(su-l:session): session opened for user root by user (uid=500)
Oct 24 20:12:06 s0020 su: pam_unix(su-l:session): session closed for user user
Oct 24 20:12:08 s0020 sshd[6607]: pam_unix(sshd:session): session closed for user user

I must be really dense today.

Can anyone enlighten me?
#2
26th October 2010, 11:40
gscott187

Feeling a little less dense today. Here's the answer. For CentOS 5.X running rsyslogd:

Add the line below to the top of /etc/rsyslog.conf:
$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"

Still in /etc/rsyslog.conf, add ;TraditionalFormat to the line dealing with the /var/log/secure log file:
# The authpriv file has restricted access.
authpriv.* /var/log/secure;TraditionalFormat

Restart rsyslogd with:

# service rsyslog restart


The contents of /var/log/secure now read:

Oct 26 10:20:25 vhost sshd[10487]: Did not receive identification string from XXX.XXX.XXX.XXX
Oct 26 10:20:55 vhost sshd[10553]: Did not receive identification string from XXX.XXX.XXX.XXX
Oct 26 10:21:25 vhost sshd[10555]: Did not receive identification string from XXX.XXX.XXX.XXX

which is a lot more useable for my purposes.

Last edited by gscott187; 26th October 2010 at 12:26.
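
Added example, not part of the original post: the traditional stamp no longer records the year, the sub-second fraction or the UTC offset that the RFC 3339 lines carried, so anything that correlates /var/log/secure events across the format change has to supply them. This Python code parses both formats shown in the thread and normalizes them to UTC; parse_line, to_utc, assumed_year and assumed_tz are names invented for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 3339 stamp as in the first post: 2010-10-25T17:10:55.612309+01:00
RFC3339 = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(\.\d+)?(Z|[+-]\d\d:\d\d) (\S+) (.*)$")
# Traditional stamp as in the second post: "Oct 26 10:20:25" (day may be space-padded)
TRADITIONAL = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) (\S+) (.*)$")
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def parse_line(line, assumed_year, assumed_tz):
    """Return (aware datetime, host, message, inferred) or None. inferred is True when
    year and UTC offset came from the caller (the traditional stamp records neither)."""
    m = RFC3339.match(line)
    if m:
        base, frac, off, host, msg = m.groups()
        dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
        if frac:  # keep at most microsecond precision
            dt = dt.replace(microsecond=int(frac[1:7].ljust(6, "0")))
        delta = timedelta(0) if off == "Z" else timedelta(hours=int(off[1:3]), minutes=int(off[4:6]))
        tz = timezone(-delta if off[0] == "-" else delta)
        return dt.replace(tzinfo=tz), host, msg, False
    m = TRADITIONAL.match(line)
    if m and m.group(1) in MONTHS:
        mon, day, hh, mm, ss, host, msg = m.groups()
        try:
            dt = datetime(assumed_year, MONTHS.index(mon) + 1, *map(int, (day, hh, mm, ss)), tzinfo=assumed_tz)
        except ValueError:  # impossible date or time, e.g. "Feb 30" or hour 25
            return None
        return dt, host, msg, True
    return None

def to_utc(line, assumed_year, assumed_tz):
    """Normalize one log line to (UTC ISO 8601 string, inferred flag), or None."""
    parsed = parse_line(line, assumed_year, assumed_tz)
    if parsed is None:
        return None
    return parsed[0].astimezone(timezone.utc).isoformat(), parsed[3]

# Sample lines copied from the two posts above (addresses masked as on the page).
SAMPLE = [
    "2010-10-25T17:10:55.612309+01:00 hostname sshd[25760]: Did not receive identification string from XXX.XXX.XXX.XXX",
    "Oct 26 10:20:25 vhost sshd[10487]: Did not receive identification string from XXX.XXX.XXX.XXX",
]

if __name__ == "__main__":
    for line in SAMPLE:  # year 2010 and +01:00 are assumptions taken from the first post
        print(to_utc(line, 2010, timezone(timedelta(hours=1))))
```

The inferred flag marks timestamps whose year and offset were assumed, which matters when a log file spans a year boundary or a daylight-saving change.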
All times are GMT +2.

