Re: [logs] RE: syslog/tcp (selp)

From: Bennett Todd (betat_private)
Date: Tue Jan 14 2003 - 14:59:31 PST


    2003-01-14T16:20:57 Rainer Gerhards:
    > I would like to include some wording that the receiver should
    > try to parse common time stamp formats, if it is not an RFC3339
    > timestamp. I know this is the opposite of what RFC3164 specifies,
    > and I know there are some issues with it - but I know it because we
    > all try it anyhow ;)
    
    If the entire timestamp exactly matches the lexical pattern of a
    known timestamp --- we should explicitly mention RFC 3339 and RFC
    3164 --- then handle it accordingly --- pass along RFC 3339
    recognizing that it's right, convert RFC 3164 to RFC 3339 as well as
    possible, perhaps assuming the "nearest" year (the year that makes
    the entire timestamp as close to the current time as possible) and
    the local timezone. Encourage implementations to support
    configuration options to make it easier for sites to inform them
    about the missing info needed to complete RFC 3164 timestamps.
    
    Are there any other timestamp formats lurking out there in syslog
    land? If so, could we document them?
    
    I've got this vague recollection of seeing a logfile timestamp with
    day-of-week in it, many many years ago; I'm recalling deducing the
    year (which was missing) by trying the current year, seeing if the
    day-of-week worked out, and if not decrementing the year and trying
    again, repeat and fade.
    
    -Bennett
    
    
    

    _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
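
Added example, not part of the message above or of any syslog implementation: a sketch of the handling the reply describes, passing RFC 3339 through unchanged and completing an RFC 3164 timestamp with the "nearest" year and a site-configured timezone. The function name normalize_timestamp and its parameters now and assumed_tz are hypothetical, and the sample strings are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Lexical patterns; the entire string must match, as the message proposes.
RFC3339 = re.compile(r"\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(\.\d+)?(Z|[+-]\d\d:\d\d)")
RFC3164 = re.compile(r"(?P<mon>[A-Z][a-z]{2}) (?P<day>[ \d]\d) "
                     r"(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)")

def normalize_timestamp(ts, now, assumed_tz):
    """Return an RFC 3339 string, or None if ts matches neither pattern.

    now must be timezone-aware (receiver clock); assumed_tz is the
    configured zone for senders that omit it (hypothetical option).
    """
    if RFC3339.fullmatch(ts):
        return ts                      # already complete: pass along
    m = RFC3164.fullmatch(ts)
    if not m or m["mon"] not in MONTHS:
        return None                    # unknown format: do not guess
    candidates = []
    for year in (now.year - 1, now.year, now.year + 1):
        try:
            candidates.append(datetime(
                year, MONTHS[m["mon"]], int(m["day"]),
                int(m["h"]), int(m["m"]), int(m["s"]), tzinfo=assumed_tz))
        except ValueError:             # Feb 29 in a non-leap year, hour 25, ...
            continue
    if not candidates:
        return None
    # "Nearest" year: the candidate closest to the receiver's current time.
    best = min(candidates, key=lambda c: abs(c - now))
    return best.isoformat()

if __name__ == "__main__":
    pst = timezone(timedelta(hours=-8))
    now = datetime(2003, 1, 14, 14, 59, 31, tzinfo=pst)
    # Constructed samples: old-year record, same-day record, RFC 3339, junk.
    for sample in ("Dec 31 23:59:58", "Jan 14 14:00:00",
                   "2003-01-14T16:20:57+01:00", "Tue Jan 14 14:59:31"):
        print(repr(sample), "->", normalize_timestamp(sample, now, pst))
```

Trying the following year as well as the previous one covers a sender whose clock has already rolled over while the receiver's has not.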


