Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000039453 - How to modify syslog date format on RSA Authentication manager 8.4 and up

Document created by RSA Customer Support

on Dec 8, 2020

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000039453
Applies To	RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.4, 8.5
Issue	The date format in 8.4 is (2020-11-11T13:56:34+00:00) and want to change the date format to older format (Nov 11 14:02:08 RFC3164).
Cause	The date format in 8.4 is the new default format (2020-11-11T13:56:34+00:00 RFC5424 "The New Format"). If you want to change to old format (Nov 11 14:02:08 RFC3164 "The Old Format"), it can be done by updating the rsyslog config file. The original BSD format (RFC3164). Is used by AM 8.3. RSA Authentication manager 8.4 uses “new” format (RFC5424).
Resolution	Uncomment/update the following line from rsyslog.conf file located at /etc, save the file and restart rsyslog service. #$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat To $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat Procedure: Launch an SSH client, such as PuTTY. Login to the primary Authentication Manager server as rsaadmin and enter the operating system password. Note that during Quick Setup another username may have been selected. Use that username to login. Changes the privileges of rsaadmin with the command sudo su – root Enter the operating system password when prompted. Go to /etc and make a copy of the rsyslog.conf file. Edit the rsyslog.conf configuration file using an editor such as vi. Uncomment the line $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat and save. # Use rsyslog native, rfc5424 conform log format as default # ($ActionFileDefaultTemplate RSYSLOG_FileFormat). # # To change a single file to use obsolete BSD syslog format # (rfc 3164, no high-precision timestamps), set the variable # bellow or append ";RSYSLOG_FileFormat" to the filename. # See # http://www.rsyslog.com/doc/rsyslog_conf_templates.html # for more information. # $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $PreserveFQDN on Restart the syslog daemon and verify the status with the commands. bharath:/etc # rcsyslog restart redirecting to systemctl restart syslog.service bharath:/etc # rcsyslog status Usage: /sbin/rcsyslog {start\|stop\|status\|try-restart\|restart\|force-reload\|reload} ● rsyslog.service - System Logging Service Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2020-11-11 15:05:22 UTC; 41s ago Docs: man:rsyslogd(8) http://www.rsyslog.com/doc/ Process: 10537 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS) Process: 1713 ExecStartPre=/usr/sbin/rsyslog-service-prepare (code=exited, status=0/SUCCESS) Main PID: 1719 (rsyslogd) Tasks: 6 (limit: 16384) CGroup: /system.slice/rsyslog.service └─1719 /usr/sbin/rsyslogd -n bharath:/etc # Syslog now logs the messages as per old format Nov 11 14:02:08 rather 2020-11-11T13:56:34+00:00

Attachments

Outcomes

0 Comments

Recommended Content