Syslogd really should either be modified or ditched for syslog-ng. As anyone who looks at logs knows, it's crucial to have full, standard time stamps. This should include HH:MM:SS:MS YYYY-MM-DD. RFC 3164 states:
[7] date and time formats if they want to include more explicit date and time information. Additional methods to address this desire for long-term archiving have been proposed and some have been successfully implemented. One such method is that the network administrators may choose to modify the messages stored on their collectors. They may run a simple script to add the year, and any other information, to each stored record. Alternatively, the script may replace the stored time with a format more appropriate for the needs of the network administrators. Another alternative has been to insert a record into the file that contains the current year. By association then, all other records near that informative record should have been received in that same year. Neither of these however, addresses the issue of associating a correct timezone with each record.
IMHO, this is backwards. We shouldn’t require developers to put the year in the content field or have people post-process logs to include the year. Syslog should properly write out the year.
By Mark Cohen
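The "simple script to add the year" workaround from the RFC passage, written out as an added example (not code from the original post or from any syslog implementation). The names `add_year` and `start_year` and the sample records are constructed; it assumes records are stored in chronological order and that the operator already knows the year of the first record, which is exactly the information the RFC 3164 timestamp never carried.

```python
import re
from datetime import datetime

# RFC 3164 TIMESTAMP is "Mmm dd hh:mm:ss": space-padded day, no year, no timezone.
# An optional <PRI> prefix is kept as-is.
TS = re.compile(r"^(<\d{1,3}>)?([A-Z][a-z]{2}) ([ \d]\d) (\d{2}):(\d{2}):(\d{2}) ")
MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}


def add_year(lines, start_year):
    """Rewrite each record's timestamp as 'YYYY-MM-DD HH:MM:SS'.

    Assumption: records are chronological and the first one was written in
    start_year. The year is bumped whenever the month goes backwards, which
    is a guess: a late-arriving record or a gap of more than a year breaks it.
    """
    year, prev_month, out = start_year, None, []
    for line in lines:
        m = TS.match(line)
        month = MONTHS.get(m.group(2)) if m else None
        if month is None:
            out.append(line)          # not an RFC 3164 record: leave untouched
            continue
        pri, _, day, hh, mm, ss = m.groups()
        guess = year + 1 if prev_month is not None and month < prev_month else year
        try:
            ts = datetime(guess, month, int(day), int(hh), int(mm), int(ss))
        except ValueError:
            out.append(line)          # impossible date (e.g. Feb 30): leave untouched
            continue
        year, prev_month = guess, month
        # Still no timezone: the result is whatever local time the sender used.
        out.append(f"{pri or ''}{ts:%Y-%m-%d %H:%M:%S} {line[m.end():]}")
    return out


# Constructed sample records spanning a year boundary.
SAMPLE = [
    "Dec 31 23:59:58 gw1 sshd[411]: Accepted publickey for admin",
    "Jan  1 00:00:03 gw1 sshd[411]: session closed for admin",
    "-- MARK --",
]

if __name__ == "__main__":
    print("\n".join(add_year(SAMPLE, 2007)))
```

The rollover is inferred, not recorded, so the output is only as trustworthy as the ordering assumption; a timestamp written with the year and offset at the source would need none of this.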