How to modify syslog date format on RSA Authentication manager 8.4 and up
Originally Published: 2020-11-11
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4, 8.5
Issue
Cause
The original BSD format (RFC3164). Is used by AM 8.3. RSA Authentication manager 8.4 uses “new” format (RFC5424).
Resolution
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat To $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
Procedure:
- Launch an SSH client, such as PuTTY.
- Login to the primary Authentication Manager server as rsaadmin and enter the operating system password.
Note that during Quick Setup another username may have been selected. Use that username to login.
- Changes the privileges of rsaadmin with the command
sudo su – root
- Enter the operating system password when prompted.
- Go to /etc and make a copy of the rsyslog.conf file.
- Edit the rsyslog.conf configuration file using an editor such as vi.
- Uncomment the line $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat and save.
# Use rsyslog native, rfc5424 conform log format as default # ($ActionFileDefaultTemplate RSYSLOG_FileFormat). # # To change a single file to use obsolete BSD syslog format # (rfc 3164, no high-precision timestamps), set the variable # bellow or append ";RSYSLOG_FileFormat" to the filename. # See # http://www.rsyslog.com/doc/rsyslog_conf_templates.html # for more information. # $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $PreserveFQDN on
- Restart the syslog daemon and verify the status with the commands.
bharath:/etc # rcsyslog restart
redirecting to systemctl restart syslog.service
bharath:/etc # rcsyslog status
Usage: /sbin/rcsyslog {start|stop|status|try-restart|restart|force-reload|reload}
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-11-11 15:05:22 UTC; 41s ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Process: 10537 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 1713 ExecStartPre=/usr/sbin/rsyslog-service-prepare (code=exited, status=0/SUCCESS)
Main PID: 1719 (rsyslogd)
Tasks: 6 (limit: 16384)
CGroup: /system.slice/rsyslog.service
└─1719 /usr/sbin/rsyslogd -n
bharath:/etc #
Syslog now logs the messages as per old format Nov 11 14:02:08 rather 2020-11-11T13:56:34+00:00
Related Articles
RSA DLP Sample of DLP Syslog Messages sent to SIEM Number of Views Forward syslog messages in RSA Authentication Manager 8.0 through 8.3 Number of Views Errors when configuring RSA Access Manager to send logs to RSA enVision or a generic syslog server Number of Views What is the SYS.ORA_TEMP_1_DS_% table sometimes seen in a running query in RSA Identity Governance & Lifecycle Number of Views Formatting for syslog data sent from RSA Authentication Manager 8.x Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
