1.6 KiB
1.6 KiB
Lab 2.1 Standardizing on Time
Time is not recorded consistently across all of our systems. You will note very quickly that none of your systems record the timezone within the syslog entry. Without this data it is very hard to develop a cohesive timeline for events that span multiple log sources and multiple time zones. We are going to fix this.
Though the date is set for EST, the specific log entry that may or may not be forwarded to a log server has no indication of the timezone or the year.
rw01 - ubuntu
We fix this by commenting out a line (shown below) in RW01's main /etc/rsyslog.conf file. By default, rsyslog does not use high precision timestamps. Make sure to restart rsyslog on rw01
web01 & log01 - rocky
in /etc/rsyslog.conf
- add these lines:
$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format---enables RFC 5424-style syslog format, which includes high-precision timestamps with timezone information.template(name="BetterTiming" type="string" string="%timestamp:::date-rfc3339% %HOSTNAME% %syslogtag%%msg%\n")---explicitly defines a custom template, including high-fidelity timestamps with timezone info- add the suffix
;BetterTimingto the loggging destination---enables the custom template on your logs
