FreeBSD 12 log formats

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

FreeBSD 12 log formats

Matt Churchyard
Hello,

I asked this question on the freebsd-questions mailing list but didn't get any response.
I (and other users) have noticed that log messages have started appearing in a different format in FreeBSD 12 (although in my case only on one system, and some logs are still the original format...).
For me this caused issues with automated log parsers.

It appears this is related to work for rfc5424 support, but as far as I can see from the commit messages, this shouldn't be enabled without updating the flags for syslog?

Jan  2 12:04:13 ftp 1 2019-01-02T12:04:13.584377+00:00 ftp.full.hostname pkg 5522 - - php72-hash-7.2.13 installed


"For people interested in using this, this feature can be enabled by

adding the following line to /etc/rc.conf:



  syslogd_flags="-s -O rfc5424"

"

Regards,
Matt Churchyard


_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: FreeBSD 12 log formats

Ben Woods
On Thu, 3 Jan 2019 at 3:12 am, Matt Churchyard <[hidden email]>
wrote:

> I (and other users) have noticed that log messages have started appearing
> in a different format in FreeBSD 12 (although in my case only on one
> system, and some logs are still the original format...).
> ...
>
> Jan  2 12:04:13 ftp 1 2019-01-02T12:04:13.584377+00:00 ftp.full.hostname
> pkg 5522 - - php72-hash-7.2.13 installed
>
Hi Matt,

That log message has both the old and new formats combined - I believe that
will occur when you are using an old syslog daemon with the new libc
syslog(3) code. By “old” daemon, I mean one that has not been updated to
expect the /var/run/log[priv] sockets to contain RFC5424 style logs.

Are there any jails involved with the above log message, or was it simply
running “pkg install ...” on the FreeBSD 12 host?

If you are using rsyslog or syslog-ng, the UPDATING entry for this change
(linked below) includes instructions required to make them work with the
new libc code:
https://svnweb.freebsd.org/base/head/UPDATING?r1=332100&r2=332099&pathrev=332100

Regards,
Ben
--

--
From: Benjamin Woods
[hidden email]
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: FreeBSD 12 log formats

Ben Woods
In reply to this post by Matt Churchyard
On Thu, 3 Jan 2019 at 3:12 am, Matt Churchyard <[hidden email]>
wrote:

> Hello,
>
> I asked this question on the freebsd-questions mailing list but didn't get
> any response.
> I (and other users) have noticed that log messages have started appearing
> in a different format in FreeBSD 12 (although in my case only on one
> system, and some logs are still the original format...).



Hi Matt,

Given that you are only experiencing this on 1 of your FreeBSD 12 systems,
and it was upgraded from a FreeBSD 11 system - could this be a result of an
incomplete upgrade?

How did you go about upgrading (src or binary)?  Did you finish all of the
steps, including the SECOND issuance of the following command?
# freebsd-update install

Refer to the upgrade instructions below which explain the need to run that
command a SECOND time:
https://www.freebsd.org/doc/handbook/updating-upgrading-freebsdupdate.html

Regards,
Ben

> --

--
From: Benjamin Woods
[hidden email]
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

RE: FreeBSD 12 log formats

Matt Churchyard
On Thu, 3 Jan 2019 at 3:12 am, Matt Churchyard <[hidden email]<mailto:[hidden email]>> wrote:
Hello,

I asked this question on the freebsd-questions mailing list but didn't get any response.
I (and other users) have noticed that log messages have started appearing in a different format in FreeBSD 12 (although in my case only on one system, and some logs are still the original format...).


>Hi Matt,

>Given that you are only experiencing this on 1 of your FreeBSD 12 systems, and it was upgraded from a FreeBSD 11 system - could this be a result of an incomplete upgrade?

>How did you go about upgrading (src or binary)?  Did you finish all of the steps, including the SECOND issuance of the following command?
># freebsd-update install

>Refer to the upgrade instructions below which explain the need to run that command a SECOND time:
>https://www.freebsd.org/doc/handbook/updating-upgrading-freebsdupdate.html

Hmm, Looks like it might be a false alarm.
The full upgrade process was followed, however due to the way the syslog changes have been made it looks like an additional reboot is required after the second part of the upgrade. Based on your last email, it seems the old daemon is running, and any newly started processes end up writing in the new format. This would explain why my maillog was still the old format as that process would not of been restarted. I usually restart systems after an upgrade even though it’s not mentioned to make sure everything starts ok although obviously didn’t this time…

Thanks
Matt

>Regards,
>Ben
--

--
From: Benjamin Woods
[hidden email]<mailto:[hidden email]>
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[hidden email]"