How to Enable High-Precision Syslog?

Y

yottabit

Contributor
Joined
Apr 15, 2012
Messages
192
Does BSD syslog support high-precision timestamps? I can't seem to find anything in the man pages or online to enable this. Everything seems geared toward rsyslog and syslog-ng.

Thanks for any help! Would prefer to use default syslog if possible, since I otherwise have everything setup.
 
jgreco

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
While the latest syslog protocol (RFC5424) theoretically supports syslog precision down to the microsecond, real-world support for this is lacking. Most implementations are conformant with the earlier RFC3164 syslog protocol, which was basically just an RFC that documented longtime existing practice dating back to the origins of syslogd.

libc's syslog() function has historically been backed by time(3) which limits timestamp resolution to the second. This offers the highest degree of compatibility with historical implementations. FreeBSD 12 has started to use gettimeofday(2) in syslog(), and has modified syslogd to support optional high-res timestamps through the '-O format' argument.

It's worth noting that FreeNAS is currently based on FreeBSD 11, and also uses syslog-ng rather than the base system's syslogd, so the options matrix is kinda complicated. If you could explain what it is you are trying to accomplish, I might be able to make some more specific and relevant comments.
 
Y

yottabit

Contributor
Joined
Apr 15, 2012
Messages
192
Ah, that's great info. Thank you!

I have a bunch of routers and APs that log to syslog on a FreeNAS jail. I'm assuming, based on the manpages, that the jail is running the basic syslog. It was a bit of a hassle to get it set up the way I wanted, so I was hoping it would be an easy option to enable millisecond resolution. That precision makes correlating fast network events much easier.

I'll look into rsyslog and syslog-ng to see which may be the easiest transition from my current config.

It's also worth noting that this jail was created in the old Warden system and I haven't yet migrated it to iocage, so the BSD version in the jail is old.

Thanks again!
 
jgreco

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
You might be able to run a FreeBSD 12 jail and run with "-O syslog" flag to syslogd.

I believe that syslog-ng also has support for extended timestamps, so installing a port of syslog-ng in your existing jail seems a potential option as well.

Good luck and feel free to report back what worked for you.
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "How to Enable High-Precision Syslog?"

Similar threads

Fidelity
SOLVED TrueNAS hangs every saturday
Replies
4
Views
2K
jgreco
jgreco
Castertr0y357
  • Locked
I/O error occurred while writing; fd='23', error='Unknown error: 122 (122)'
2
Replies
21
Views
17K
kdragon75
kdragon75
Osiris
[How to] install a syslog server jail
2 3
Replies
41
Views
69K
xames
xames
isopropyl
Console Messages, Concerning or Not?
Replies
0
Views
1K
isopropyl
isopropyl
K
  • Locked
Cannot Install Plugins, Cannot Create Jails, New Installs 9.2/9.3 Neither Work
Replies
4
Views
2K
dlavigne
D
Top