How to change the date format of maillog?

Solution 1:

A possibly better answer is to employ the newer syslog standard to all rsyslog generated logs.....see

 http://support.pimpmylog.com/kb/softwares/rsyslog-protocol-23-format

The configuration is quite close to the RFC 5424 standard.

This is done by putting the following line in your rsyslog.conf file:

 $ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format

A given line in a syslog file would appear as follows:

 <27>1 2014-01-12T20:06:05.783312-05:00 somebody smbd 3752 - -  [2014/01/12 20:06:05.783190,  0] printing/print_cups.c:487(cups_async_callback)

Notice the full time and date are included as well as the TimeZone on the timestamp.

Solution 2:

After a little more research and some tests, I found the solution I need. My server works with CentOS 7.6, which use rsyslog to log.

1. Edit the file /etc/rsyslog.conf and add the following template before the section "RULES":

$template MailLogFormat, "%timestamp:::date-year%-%timestamp:::date-month%-%timestamp:::date-day% %timestamp:::date-hour%:%timestamp:::date-minute%:%timestamp:::date-second% %hostname% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"

2. Search for the line:

# Log all the mail messages in one place.
mail.*       -/var/log/maillog

and change to:

# Log all the mail messages in one place.
mail.*       -/var/log/maillog;MailLogFormat

3. Restart rsyslog:

systemctl restart rsyslog

Done. The logs in the /var/log/maillog file will be printed with the date in the format: Year-Month-Day Hour:Minute:Second