From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/4538 Path: news.gmane.org!not-for-mail From: Laurent Bercot Newsgroups: gmane.linux.lib.musl.general Subject: Re: syslog() always sends GMT timestamps Date: Sat, 01 Feb 2014 07:48:56 -0800 Message-ID: <52ED1768.2080809@skarnet.org> References: <500a674a-fd43-49f5-99b8-6fd0b18ef5a2@email.android.com> <20140128171153.GL24286@brightrain.aerifal.cx> <770108a1-99d7-4ef0-b860-b045866c9895@email.android.com> <20140130043344.GR24286@brightrain.aerifal.cx> <20140130120413.GT1685@port70.net> <20140201005419.GZ24286@brightrain.aerifal.cx> <52EC4D3F.8090403@skarnet.org> <20140201090914.GW1685@port70.net> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1391269740 19889 80.91.229.3 (1 Feb 2014 15:49:00 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 1 Feb 2014 15:49:00 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-4542-gllmg-musl=m.gmane.org@lists.openwall.com Sat Feb 01 16:49:07 2014 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1W9cob-0000aB-Dc for gllmg-musl@plane.gmane.org; Sat, 01 Feb 2014 16:49:05 +0100 Original-Received: (qmail 22373 invoked by uid 550); 1 Feb 2014 15:49:04 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 22365 invoked from network); 1 Feb 2014 15:49:04 -0000 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 In-Reply-To: <20140201090914.GW1685@port70.net> Xref: news.gmane.org gmane.linux.lib.musl.general:4538 Archived-At: On 2014-02-01 01:09, Szabolcs Nagy wrote: > yes there is nothing clearer than a 24 digit hexadecimal number > representing time to the nanosecond > > at least the last 3-4 digits in the log can be used as a random > sequence > > (i've seen this in practice and have no idea how anybody could > ever think that it's a good idea.. must be some sysadmin logic > that is beyond the reach of average mortals) I was half-trolling, but since you bit the hook: Historically, logs were made to be read by human beings, so it made sense to print timestamps in a human-readable format. But it is less and less the case. Logs are getting more and more automatically processed, filtered, aggregated, analyzed, which is a good thing. Humans nowadays only look at raw textual log data once everything else has failed, including visualizing them in some web interface that also processes them for display. So it actually makes more sense to write logs in a format that is easily parsable and usable by *computers*, and timestamps are a big part of it. Human time is complex to understand for computers (and even for humans not living in the same time zone). TAI64N is simple, and makes processing easy as pie. (Mmmm... pie.) Merging log files chronologically ? Just cat all your log files together, pipe them through sort, done. Oh, and it works with log files from other machines all around the world, without a concern for timezones or human time quirks such as DST, too. Want to strip the timestamps for some reason ? Pipe your logs through "cut -c27-", done. And people can even read the raw files too, they just have to run "s6-tai64nlocal < logfile | less" instead of "less logfile", which is the simplest processing you could think of - a UNIX filter. (I've heard that Great Sysadmins can understand TAI64N directly in the text, but I couldn't tell, I'm not yet part of the Circle.) So, dear initiate, now that you know the greatness of automated processing and of Unix filters, and have shaken off the myth that logs have to be read exactly as they were written, you have risen above average mortals, and are now a Sysadmin. Congratulations and welcome ! -- Laurent