How to modify syslog date format on RSA Authentication manager 8.4 and up
Originally Published: 2020-11-11
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4, 8.5
Issue
Cause
The original BSD format (RFC3164). Is used by AM 8.3. RSA Authentication manager 8.4 uses “new” format (RFC5424).
Resolution
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat To $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
Procedure:
- Launch an SSH client, such as PuTTY.
- Login to the primary Authentication Manager server as rsaadmin and enter the operating system password.
Note that during Quick Setup another username may have been selected. Use that username to login.
- Changes the privileges of rsaadmin with the command
sudo su – root
- Enter the operating system password when prompted.
- Go to /etc and make a copy of the rsyslog.conf file.
- Edit the rsyslog.conf configuration file using an editor such as vi.
- Uncomment the line $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat and save.
# Use rsyslog native, rfc5424 conform log format as default # ($ActionFileDefaultTemplate RSYSLOG_FileFormat). # # To change a single file to use obsolete BSD syslog format # (rfc 3164, no high-precision timestamps), set the variable # bellow or append ";RSYSLOG_FileFormat" to the filename. # See # http://www.rsyslog.com/doc/rsyslog_conf_templates.html # for more information. # $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $PreserveFQDN on
- Restart the syslog daemon and verify the status with the commands.
bharath:/etc # rcsyslog restart
redirecting to systemctl restart syslog.service
bharath:/etc # rcsyslog status
Usage: /sbin/rcsyslog {start|stop|status|try-restart|restart|force-reload|reload}
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-11-11 15:05:22 UTC; 41s ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Process: 10537 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 1713 ExecStartPre=/usr/sbin/rsyslog-service-prepare (code=exited, status=0/SUCCESS)
Main PID: 1719 (rsyslogd)
Tasks: 6 (limit: 16384)
CGroup: /system.slice/rsyslog.service
└─1719 /usr/sbin/rsyslogd -n
bharath:/etc #
Syslog now logs the messages as per old format Nov 11 14:02:08 rather 2020-11-11T13:56:34+00:00
Related Articles
Why automatically generated revocation requests do not add back revoked requests on a revocation date in RSA Identity Gove… Number of Views Remove Member User Groups from User Groups Number of Views Accurate System Date and Time Settings Number of Views A revocation request executes immediately in RSA Identity Governance and Lifecycle if the revocation date is defined beyon… Number of Views RSA DLP Sample of DLP Syslog Messages sent to SIEM Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Governance & Lifecycle 8.0.0 Administrators Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory
Don't see what you're looking for?
