Package: logcheck Version: 1.4.2 Severity: normal Dear Maintainer,
rsyslogd currently produces two different timestamp formats at the start of a log line with the default (now also Debian default) rfc3339 format. Local log lines include the sub-seconds part like: 2024-02-16T22:05:52.315463+01:00 tux [...] while remote logs (in that case from virtual machines on the same host) do not include the sub-seconds part: 2024-02-16T22:06:02+01:00 tux1 [...] Logcheck currently deals only with the first format. This results in no logcheck pattern matching for remote host log entries. Fortunately logcheck also still supports the 'traditional' format which I've reverted to. I would expect rsyslog to only use a single format, but failing that I think that logcheck should not drop support for the old 'traditional' timestamp format until the issue in rsyslogd is resolved. Logcheck *may* want to support both rfc3339 formats (the sub-seconds part *is* optional in the RFC). -- System Information: Debian Release: 12.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-18-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages logcheck depends on: ii adduser 3.134 ii cron [cron-daemon] 3.0pl1-162 ii lockfile-progs 0.1.19 ii logtail 1.4.2 ii mime-construct 1.12+really1.11-1 ii postfix [mail-transport-agent] 3.7.10-0+deb12u1 Versions of packages logcheck recommends: ii logcheck-database 1.4.2 Versions of packages logcheck suggests: ii rsyslog [system-log-daemon] 8.2302.0-1 -- Configuration Files: /etc/logcheck/logcheck.logfiles changed [not included] -- no debconf information
