rsyslog: use high precision timestamps or explain why not
Closed, DeclinedPublic
Actions

Assigned To

None

Authored By

	• Gage
	May 7 2015, 3:06 PM

Description

We have:
May 7 06:37:01 neon CRON[314]: (root) CMD (/usr/local/sbin/puppet-run > /dev/null 2>&1)

We could have:
2015-05-07T07:01:01.046748+00:00 curium CRON[9189]: (root) CMD (/usr/local/sbin/puppet-run > /dev/null 2>&1)

From /etc/rsyslog.conf:

# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

Why don't we do this? Highrez timestamps are helpful for debugging, and more parseable.

Event Timeline

• Gage created this task.May 7 2015, 3:06 PM

• Gage raised the priority of this task from to Medium.

• Gage updated the task description. (Show Details)

• Gage added a project: acl*sre-team.

• Gage subscribed.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 7 2015, 3:06 PM

• Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 8:05 PM

jbond edited projects, added Observability-Logging; removed SRE.Nov 4 2022, 1:45 PM

While we generally agree with the sentiment, we haven't found an instance where this has been a blocker and needed. This feels more like a nice to have, and the goal is to parse the timestamp out of the log message anyways. The Syslog timestamp is more of a fallback than the timestamp provided by the system generating the event. the team doesn't feel like this is something critical. closing and we can re-open if this becomes an issue.

rsyslog: use high precision timestamps or explain why notClosed, DeclinedPublicActions

Description

Event Timeline

rsyslog: use high precision timestamps or explain why not
Closed, DeclinedPublic
Actions