
Possible to change RSYSLOG_FileFormat timestamp output without changing conf file?


I currently have a system with RSYSLOG_FileFormat enabled in rsyslog.conf. I am not allowed to change the system format, so I'm trying to find a workaround that will enable me to view the output to stdout of the log file (/var/log/messages in this case) in the desired timestamp format mentioned below. The reason being it is much easier for me to quickly navigate log files that don't require as much precision. Suggestions are much appreciated!

Example current output timestamp:

2020-12-17T19:05:34.118891+00:00

Desired output:

Dec 12 2020 19:05:34 

Solution

  • With awk and two arrays:

    awk 'BEGIN{m[10]="Oct"; m[11]="Nov"; m[12]="Dec"}
         {
           # split first field from current row ("$1")
           # (here: "2020-12-17T19:05:34.118891+00:00") with
           # field separator "T", ".", and "-" in five parts
           # to array "array"
           split($1, array, "[T.-]")
    
           # rebuild first field from current row with elements of array "array";
           # "+0" makes "01" match m[1], and $2 is left out so that the
           # second field is not printed twice
           $1=sprintf("%s %s %s %s", m[array[2]+0], array[3], array[1], array[4])
    
           # output complete current row
           print
         }' /var/log/messages
    

    As one line:

    awk 'BEGIN{m[10]="Oct"; m[11]="Nov"; m[12]="Dec"} {split($1,array,"[T.-]"); $1=sprintf("%s %s %s %s", m[array[2]+0],array[3],array[1],array[4]); print}' /var/log/messages
    

    Please complete the array m yourself.
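
A fuller version of the same idea, added here as an example and not part of the original answer: a hypothetical `fmt_syslog_ts` filter that covers all twelve months, passes lines without an RFC 3339 timestamp through unchanged, and rewrites only the start of the line so the spacing of the message survives. The sample lines are constructed.

```shell
#!/bin/sh
# Added example: render RSYSLOG_FileFormat (RFC 3339) timestamps in a shorter
# form for reading. Filters stdin to stdout; the log file itself is untouched.
# fmt_syslog_ts is a hypothetical helper name.
fmt_syslog_ts() {
  awk '
    BEGIN {
      # mon[1]="Jan" ... mon[12]="Dec"
      split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", mon, " ")
    }
    # Act only on lines that start with YYYY-MM-DDThh:mm:ss
    /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]/ {
      y   = substr($0, 1, 4)
      mo  = substr($0, 6, 2) + 0     # +0 turns "01" into 1 for the lookup
      d   = substr($0, 9, 2)
      hms = substr($0, 12, 8)        # fraction and UTC offset are dropped
      if (mo >= 1 && mo <= 12)
        # Replace the first field in place; assigning to $1 would rebuild
        # the record and collapse runs of spaces in the message.
        sub(/^[^ \t]+/, mon[mo] " " d " " y " " hms)
    }
    { print }
  '
}

# Constructed sample lines (not taken from a real host).
printf '%s\n' \
  '2020-12-17T19:05:34.118891+00:00 host1 sshd[812]: Accepted publickey for alice' \
  '2021-01-05T07:00:01.000001-05:00 host1 CRON[99]: job  started' \
  'continuation line without a timestamp' | fmt_syslog_ts
```

Use it as `fmt_syslog_ts < /var/log/messages` or behind `tail -f /var/log/messages`. Because the UTC offset is dropped, go back to the original timestamps when correlating events across hosts that log in different time zones.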